# mergecap -w /dev/stdout file1.pcap file2.pcap file3.pcap | tcpdump -r - -w output.pcap host 192.168.1.10mergecap reads the list of files at the end as input and writes them out to /dev/stdout, where tcpdump reads them in and writes the result to output.pcap after applying the filter (host 192.168.1.10).
Friday, October 10, 2014
Use tcpdump to Filter and Merge Multiple pcap Files
The other day I had a couple dozen pcap files (each just under 1 GB in size) that I wanted to filter the traffic of one host out of. A couple different options come to mind - merge the pcap files together and then filter, or filter each pcap separately and then merge the results together. Both of these are pretty sloppy ways of doing this if you don't do it in one line:
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment