On Tue, Mar 03, 2009 at 07:01:48PM -0800, Rayne wrote:
> I have multiple trace files all beginning with the prefix "trace1_"
> and I would like to read all these files, apply a filter on them and
> write the filtered packets into another pcap file.
>
> I've tried both reading from trace1* and listing all the filenames
> after the -r option, but I keep getting syntax error.
>
> Can I read multiple files in tcpdump and if so, how?
I don't know about tcpdump, but with Wireshark you can use the included
CLI command mergecap to put the files together and then read it in.
Steve