I wanted to combine two wirehsark captures into one and see the packets.
I searched for how to combine or merge two pcap files and this is how i did using mergecap. It allows you to combine two capture files and create a third one.
C:\Program Files\Wireshark>mergecap.exe -h
Mergecap 1.4.3 (SVN Rev 35482 from /trunk-1.4)
Merge two or more capture files into one.
See http://www.wireshark.org/ for more information.
Usage: mergecap [options] -w <outfile>|- <infile> ...
Output:
-a concatenate rather than merge files.
default is to merge based on frame timestamps.
-s <snaplen> truncate packets to <snaplen> bytes of data.
-w <outfile>|- set the output filename to <outfile> or '-' for stdout.
-F <capture type> set the output file type; default is libpcap.
an empty "-F" option will list the file types.
-T <encap type> set the output file encapsulation type;
default is the same as the first input file.
an empty "-T" option will list the encapsulation types.
Miscellaneous:
-h display this help and exit.
-v verbose output.
Run Command :
C:\Program Files\Wireshark>mergecap.exe capture1.pcap cap2.pcap -w output.pcap
Now the output.pcap will have the contents merged of input files, capture1.pcap and cap2.pcap.
I searched for how to combine or merge two pcap files and this is how i did using mergecap. It allows you to combine two capture files and create a third one.
C:\Program Files\Wireshark>mergecap.exe -h
Mergecap 1.4.3 (SVN Rev 35482 from /trunk-1.4)
Merge two or more capture files into one.
See http://www.wireshark.org/ for more information.
Usage: mergecap [options] -w <outfile>|- <infile> ...
Output:
-a concatenate rather than merge files.
default is to merge based on frame timestamps.
-s <snaplen> truncate packets to <snaplen> bytes of data.
-w <outfile>|- set the output filename to <outfile> or '-' for stdout.
-F <capture type> set the output file type; default is libpcap.
an empty "-F" option will list the file types.
-T <encap type> set the output file encapsulation type;
default is the same as the first input file.
an empty "-T" option will list the encapsulation types.
Miscellaneous:
-h display this help and exit.
-v verbose output.
Run Command :
C:\Program Files\Wireshark>mergecap.exe capture1.pcap cap2.pcap -w output.pcap
Now the output.pcap will have the contents merged of input files, capture1.pcap and cap2.pcap.