Another option could be to support stdin as input file in mergecap with an "append" switch. If mergecap whould support something like this
cat input1.pcap | mergecap -a - -w output.pcap cat input2.pcap | mergecap -a - -w output.pcap this would allow a user to do something like for file in *.pcap do tshark -r $file -Y "FILTER" -w - | mergecap -a - -w output.pcap done what about that? On Thu, Sep 5, 2013 at 3:35 PM, Christopher Maynard < christopher.mayn...@gtech.com> wrote: > Evan Huus <eapache@...> writes: > > > You can even (I think) pipe from mergecap to tshark as follows: > > > > > > mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -Y > "dns.qry.name contains google" -o google.pcap > > Just a slight correction on the tshark command-line options needed (note > the > "-i -"): > > mergecap -w - in1.pcap in2.pcap in3.pcap | tshark -i - -Y "dns.qry.name > contains google" -o google.pcap > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
