Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

5.4. Merging capture files
Prev Chapter 5. File Input / Output and Printing Next

5.4. Merging capture files

Sometimes you need to merge several capture files into one. For example this can be useful, if you have captured simultaneously from multiple interfaces at once (e.g. using multiple instances of Wireshark).

Merging capture files can be done in three ways:

  • Use the menu item "Merge" from the "File" menu, to open the merge dialog, see Section 5.4.1, “The "Merge with Capture File" dialog box”. This menu item will be disabled, until you have loaded a capture file.

  • Use drag-and-drop to drop multiple files on the main window. Wireshark will try to merge the packets in chronological order from the dropped files into a newly created temporary file. If you drop only a single file, it will simply replace a (maybe) existing one.

  • Use the mergecap tool, which is a command line tool to merge capture files. This tool provides the most options to merge capture files, see Section D.7, “ mergecap : Merging multiple capture files into one ”.

5.4.1. The "Merge with Capture File" dialog box

This dialog box let you select a file to be merged into the currently loaded file.

[Note] You will be prompted for an unsaved file first!

If your current data wasn't saved before, you will be asked to save it first, before this dialog box is shown.

Most controls of this dialog will work the same way as described in the "Open Capture File" dialog box, see Section 5.2.1, “The "Open Capture File" dialog box”.

Specific controls of this merge dialog are:

Prepend packets to existing file

Prepend the packets from the selected file before the currently loaded packets.

Merge packets chronologically

Merge both the packets from the selected and currently loaded file in chronological order.

Append packets to existing file

Append the packets from the selected file after the currently loaded packets.

Table 5.3. The system specific "Merge Capture File As" dialog box

Figure 5.7. "Merge" on native Windows

"Merge" on native Windows

Microsoft Windows

This is the common Windows file open dialog - plus some Wireshark extensions.

Figure 5.8. "Merge" - new GTK version

"Merge" - new GTK version

Unix/Linux: GTK version >= 2.4

This is the common Gimp/GNOME file open dialog - plus some Wireshark extensions.

Figure 5.9. "Merge" - old GTK version

"Merge" - old GTK version

Unix/Linux: GTK version < 2.4

This is the file open dialog of former Gimp/GNOME versions - plus some Wireshark extensions.

Prev Up Next
5.3. Saving captured packets Home 5.5. File Sets

 
 
  Published under the terms fo the GNU General Public License Design by Interspire