Wireshark · Wireshark-users: Re: [Wireshark-users] 2 gig limit on mergecap

Wireshark-users: Re: [Wireshark-users] 2 gig limit on mergecap

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 22 Nov 2006 12:07:21 -0800

Daniel Goolsby wrote:

not sure, they're binary files.

In the specific type of merging you're doing, which is justconcatenation, if the capture files are all libpcap files, you could,for files 2 through N, strip off the 20-byte file header from the fileand append it to the first file. That could be done with the aid of ddand cat), for example:


	for i in {files 2 through n}
	do
		(dd bs=20 count=1; cat) <$i >>the_first_file
	done

in the Bourne shell or a compatible shell (Korn, Bourne-again, etc.).

However, whether you'd be able to read the resulting file, either withtcpdump or *shark, is another matter, as per my other mail.

Follow-Ups:
- Re: [Wireshark-users] 2 gig limit on mergecap
  - From: Daniel Goolsby

References:
- [Wireshark-users] 2 gig limit on mergecap
  - From: Daniel Goolsby
- Re: [Wireshark-users] 2 gig limit on mergecap
  - From: Ulf Lamping
- Re: [Wireshark-users] 2 gig limit on mergecap
  - From: Hans Nilsson
- Re: [Wireshark-users] 2 gig limit on mergecap
  - From: Daniel Goolsby

Prev by Date: Re: [Wireshark-users] 2 gig limit on mergecap
Next by Date: Re: [Wireshark-users] 2 gig limit on mergecap
Previous by thread: Re: [Wireshark-users] 2 gig limit on mergecap
Next by thread: Re: [Wireshark-users] 2 gig limit on mergecap
Index(es):
- Date
- Thread