Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
The ONE Campaign to make poverty history

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 199 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

mergecap



SYNOPSYS

       mergecap [ -hva ] [ -s snaplen ] [ -F file format ]
       [ -T encapsulation type ] -w outfile infile ...


DESCRIPTION

       Mergecap is a program that combines multiple saved capture
       files into a single output file specified by the -w argu­
       ment.  Mergecap knows how to read libpcap capture files,
       including those of tcpdump, Ethereal, and other tools that
       write captures in that format.  In addition, Mergecap can
       read capture files from snoop and atmsnoop, Shomiti/Fin­
       isar Surveyor, Novell LANalyzer, Network General/Network
       Associates DOS-based Sniffer (compressed or uncompressed),
       Microsoft Network Monitor, AIX's iptrace, Cinco Networks
       NetXRay, Network Associates Windows-based Sniffer, AG
       Group/WildPackets EtherPeek/TokenPeek/AiroPeek, RADCOM's
       WAN/LAN analyzer, Lucent/Ascend router debug output,
       HP-UX's nettl, the dump output from Toshiba's ISDN
       routers, the output from i4btrace from the ISDN4BSD pro­
       ject, the output in IPLog format from the Cisco Secure
       Intrusion Detection System, pppd logs (pppdump format),
       the output from VMS's TCPIPtrace/TCPtrace/UCX$TRACE utili­
       ties, the text output from the DBS Etherwatch VMS utility,
       traffic capture files from Visual Networks' Visual UpTime,
       and the output from CoSine L2 debug.  There is no need to
       tell Mergecap what type of file you are reading; it will
       determine the file type by itself.  Mergecap is also capa­
       ble of reading any of these file formats if they are com­
       pressed using gzip.  Mergecap recognizes this directly
       from the file; the '.gz' extension is not required for
       this purpose.

       By default, it writes the capture file in libpcap format,
       and writes all of the packets in both input capture files
       to the output file.  The -F flag can be used to specify
       the format in which to write the capture file; it can
       write the file in libpcap format (standard libpcap format,
       a modified format used by some patched versions of libp­
       cap, the format used by Red Hat Linux 6.1, or the format
       used by SuSE Linux 6.3), snoop format, uncompressed Snif­
       fer format, Microsoft Network Monitor 1.x format, the for­
       mat used by Windows-based versions of the Sniffer soft­
       ware, and the format used by Visual Networks' software.

       Packets from the input files are merged in chronological
       order based on each frame's timestamp, unless the -a flag
       is specified.  Mergecap assumes that frames within a sin­
       gle capture file are already stored in chronological
       order.  When the -a flag is specified, packets are copied
       directly from each input file to the output file, indepen­
       dent of each frame's timestamp.

       type.  If not all of the input files have the same frame
       encapsulation type, the output file type is set to
       WTAP_ENCAP_PER_PACKET.  Note that some capture file for­
       mats, most notably libpcap, do not currently support
       WTAP_ENCAP_PER_PACKET.  This combination will cause the
       output file creation to fail.

       If the -T flag is used to specify a frame encapsulation
       type, the encapsulation type of the output capture file
       will be forced to the specified type, rather than being
       the type appropriate to the encapsulation type of the
       input capture files.  Note that this merely forces the
       encapsulation type of the output file to be the specified
       type; the packet headers of the packets will not be trans­
       lated from the encapsulation type of the input capture
       file to the specified encapsulation type (for example, it
       will not translate an Ethernet capture to an FDDI capture
       if an Ethernet capture is read and '-T fddi' is speci­
       fied).


OPTIONS

       -w  Sets the output filename.

       -F  Sets the file format of the output capture file.

       -T  Sets the packet encapsulation type of the output cap­
           ture file.

       -a  Causes the frame timestamps to be ignored, writing all
           packets from the first input file followed by all
           packets from the second input file.  By default, when
           -a is not specified, the contents of the input files
           are merged in chronological order based on each
           frame's timestamp.  Note: when merging, mergecap
           assumes that packets within a capture file are already
           in chronological order.

       -v  Causes mergecap to print a number of messages while
           it's working.

       -s  Sets the snapshot length to use when writing the data.

       -h  Prints the version and options and exits.


SEE ALSO

       tcpdump(8), pcap(3), ethereal(1), editcap(1)


NOTES

       Mergecap is based heavily upon editcap by Richard Sharpe
       <sharpe[AT]ns.aus.com> and Guy Harris
       <guy[AT]alum.mit.edu>.


0.9.14                      2003-05-23                MERGECAP(1)
  

The Linux Tutorial is always looking for new contributors.


Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can help in many different ways.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.09 Seconds