Created
December 11, 2018 06:18
Apply a Display Filter to multiple files and merge the packets into one file
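#!/bin/bash
# In response to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14418
# Applies one display filter to several capture files and merges the
# matching packets into a single capture.
#
# First arg is filter, all other args are files
# Usage: ./filter_combine.sh 'icmp' file1.pcap file2.pcap file3.pcap
# Outputs `combined.pcapng` in the current directory.
# Requires: tshark, mergecap
set -u

if (( $# < 2 )); then
  printf 'Usage: %s FILTER FILE...\n' "${0##*/}" >&2
  exit 2
fi

FILTER=$1
shift   # "$@" now holds only the capture files, one word per file

# Intermediate captures go into a private directory created by mktemp.
# Fixed names such as /tmp/temp-<file> are predictable: on a shared host
# another local user can pre-create that path (for instance as a symlink),
# so the write lands somewhere unintended, and captures often hold
# sensitive traffic that should not sit world-readable in /tmp.
# mktemp -d creates the directory with mode 0700 and a random suffix.
TEMP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/filter_combine.XXXXXX") || {
  printf 'error: could not create a temporary directory\n' >&2
  exit 1
}
cleanup() { rm -rf -- "${TEMP_DIR:?}"; }
trap cleanup EXIT   # remove the intermediates on every exit path

TEMP_FILES=()
i=0
for file in "$@"; do
  echo "Processing $file ..."
  # Name the intermediate by index, not by the input name: inputs may carry
  # directory components or spaces, and two inputs may share a basename.
  out="$TEMP_DIR/filtered-$i.pcapng"
  i=$((i + 1))

  # tshark can exit non-zero (e.g. on a capture cut short) after writing the
  # packets it did read, so warn and keep whatever output was produced.
  if ! tshark -r "$file" -Y "$FILTER" -w "$out"; then
    printf 'warning: tshark reported an error for %s\n' "$file" >&2
  fi
  if [[ -s "$out" ]]; then
    TEMP_FILES+=("$out")
  else
    printf 'warning: no output produced for %s, skipping\n' "$file" >&2
  fi
done

if (( ${#TEMP_FILES[@]} == 0 )); then
  printf 'error: no filtered captures to merge\n' >&2
  exit 1
fi

# Use pcapng in case there are different LinkTypes
echo "Merging files ..."
if ! mergecap -w combined.pcapng -F pcapng "${TEMP_FILES[@]}"; then
  printf 'error: mergecap failed\n' >&2
  exit 1
fi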