Hi,
I have taken a capture on two different machines from an
in-line network tap (one to capture upstream, one to capture downstream data).
I now need to merge these files, but when I ask Wireshark to merge them
chronologically, it seems to merge them based on the initial time taken into
the capture, not the actual capture time.
I have tried to mitigate time differences by synching both
machines to an NTP server, but of course both captures are themselves started at
different times. How can I best accomplish what I want?
As a side note, is it possible to “shut up” the
capturing machines from trying to send network traffic on the capturing interfaces
(Windows XP/Vista), so in effect they just listen?
Regards
Chris Swinney
Tel -
(01792) 411662
Email - swin@xxxxxxxxxxxxx
56 Dan-y-graig Rd
Port Tennant,
Swansea
SA1 8LZ