tcpdump exits before completing the merge #1132
Comments
|
Something is off in the problem description because for the specified invocation tcpdump would not write any output file, instead it would exit with the following error: Please check which program you use and the exact steps to reproduce. |
|
In particular, tcpdump does not support reading multiple files and merging them into one file - and, even if it did, it wouldn't support it with the Perhaps this is a version of tcpdump that somebody's modified to work that way? If so, then you will have to report this to the person or people who modified tcpdump. |
|
This project does have a program that will combine multiple pcap files: tcpslice. The resulting file will contain all packets from all input files in order by timestamp (e.g., strictly speaking tcpslice has no way to have all the packets from 1.pcap followed by those from 2.pcap; it can only combine by time) |
|
With official tcpdump: |
|
Awesome! However, if the bug report was genuine, the reporter would have provided the actual steps to reproduce, so if it stays like this, it will be closed as invalid. |
|
As discussed. |
tcpdump version 4.9.3
libpcap version 1.10.0
I have 2 pcaps 1.pcap consisting of 5 packets and 2.pcap consisting of 10 packets and i am trying to merge them into single pcap let's say output.pcap i am running the following command to merge the pcap
the above tcpdump command gets exited as soon as the 5 packets of 1.pcap and 5 packets of 2.pcap has been added to the output.pcap file and it does not merge the rest of the packets in 2.pcap to output.pcap
I have also looked in man page of tcpdump command to find if there are any flags that will also merge the rest of the packets from 2.pcap but did not found any information regarding that, If there are any flags which can help me with this please let me know
The text was updated successfully, but these errors were encountered: