User Guide

ManualsBrandsWireshark ManualsSoftwareWireshark Wireshark - 1.5

231

232

233

234

235

236

237

238

239

240

Related command line tools

222

raw-telnet-nettl - Raw telnet with nettl headers

usb-linux - USB packets with Linux header

mpeg - MPEG

ppi - Per-Packet Information header

erf - Endace Record File

bluetooth-h4 - Bluetooth H4 with linux header

sita-wan - SITA WAN packets

sccp - SS7 SCCP

bluetooth-hci - Bluetooth without transport layer

ipmb - Intelligent Platform Management Bus

wpan - IEEE 802.15.4 Wireless PAN

x2e-xoraya - X2E Xoraya

flexray - FlexRay

lin - Local Interconnect Network

most - Media Oriented Systems Transport

can20b - Controller Area Network 2.0B

layer1-event - EyeSDN Layer 1 event

x2e-serial - X2E serial line capture

i2c - I2C

wpan-nonask-phy - IEEE 802.15.4 Wireless PAN non-ASK PHY

tnef - Transport-Neutral Encapsulation Format

usb-linux-mmap - USB packets with Linux header and padding

gsm_um - GSM Um Interface

dpnss_link - Digital Private Signalling System No 1 Link Layer

packetlogger - PacketLogger

nstrace10 - NetScaler Encapsulation 1.0 of Ethernet

nstrace20 - NetScaler Encapsulation 2.0 of Ethernet

fc2 - Fibre Channel FC-2

fc2sof - Fibre Channel FC-2 With Frame Delimiter

jfif - JPEG/JFIF

ipnet - Solaris IPNET

D.8. mergecap: Merging multiple capture files

into one

Mergecap is a program that combines multiple saved capture files into a single output file specified by

the -w argument. Mergecap knows how to read libpcap capture files, including those of tcpdump. In

addition, Mergecap can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer,

Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, Sniffer Pro,

RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, and the dump

output from Toshiba's ISDN routers. There is no need to tell Mergecap what type of file you are reading;

it will determine the file type by itself. Mergecap is also capable of reading any of these file formats if

they are compressed using gzip. Mergecap recognizes this directly from the file; the '.gz' extension is not

required for this purpose.

By default, it writes the capture file in libpcap format, and writes all of the packets in the input capture

files to the output file. The -F flag can be used to specify the format in which to write the capture file; it can

write the file in libpcap format (standard libpcap format, a modified format used by some patched versions

of libpcap, the format used by Red Hat Linux 6.1, or the format used by SuSE Linux 6.3), snoop format,

uncompressed Sniffer format, Microsoft Network Monitor 1.x format, and the format used by Windows-

based versions of the Sniffer software.

Packets from the input files are merged in chronological order based on each frame's timestamp, unless

the -a flag is specified. Mergecap assumes that frames within a single capture file are already stored in

chronological order. When the -a flag is specified, packets are copied directly from each input file to the

output file, independent of each frame's timestamp.