Wireshark · Wireshark-users: Re: [Wireshark-users] Capturing and merging files from different machines

Wireshark-users: Re: [Wireshark-users] Capturing and merging files from different machines

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 18 Jun 2008 09:10:52 -0700

Chris Swinney wrote:

I have taken a capture on two different machines from an in-line networktap (one to capture upstream, one to capture downstream data). I nowneed to merge these file, but when I ask Wireshark to merge themchronologically, it seems to merge them based on the initial time takeninto the capture, not the actual capture time.

What do you mean by the "initial time taken into the capture" and "theactual capture time"?

As a side note, is it possible to ï¿½shut upï¿½ the capturing machines fromtrying to send network traffic on the capturing interfaces (WindowsXP/Vista), so in effect they just listen?

Turning name resolution off in Wireshark might help, but that onlylimits what Wireshark does on the network, not what anything elserunning on the machine does on the network. I don't know whethernetwork interfaces can be configured "down" on Windows, or whetherWinPcap will recognize interfaces configured "down" so that you cancapture on them.

References:
- [Wireshark-users] Capturing and merging files from different machines
  - From: Chris Swinney

Prev by Date: Re: [Wireshark-users] Capturing and merging files from different machines
Next by Date: Re: [Wireshark-users] Capturing and merging files from different machines
Previous by thread: Re: [Wireshark-users] Capturing and merging files from different machines
Next by thread: Re: [Wireshark-users] Tracking TCP In-flight Data
Index(es):
- Date
- Thread