User Guide

Related command line tools
rawip4 - Raw IPv4
rawip6 - Raw IPv6
redback - Redback SmartEdge
sccp - SS7 SCCP
sdlc - SDLC
sita-wan - SITA WAN packets
slip - SLIP
socketcan - SocketCAN
symantec - Symantec Enterprise Firewall
tnef - Transport-Neutral Encapsulation Format
tr - Token Ring
tr-nettl - Token Ring with nettl headers
tzsp - Tazmen sniffer protocol
unknown - Unknown
unknown-nettl - Unknown link-layer type with nettl headers
usb - Raw USB packets
usb-linux - USB packets with Linux header
usb-linux-mmap - USB packets with Linux header and padding
user0 - USER 0
user1 - USER 1
user10 - USER 10
user11 - USER 11
user12 - USER 12
user13 - USER 13
user14 - USER 14
user15 - USER 15
user2 - USER 2
user3 - USER 3
user4 - USER 4
user5 - USER 5
user6 - USER 6
user7 - USER 7
user8 - USER 8
user9 - USER 9
whdlc - Wellfleet HDLC
wpan - IEEE 802.15.4 Wireless PAN
wpan-nofcs - IEEE 802.15.4 Wireless PAN with FCS not present
wpan-nonask-phy - IEEE 802.15.4 Wireless PAN non-ASK PHY
x25-nettl - X25 with nettl headers
x2e-serial - X2E serial line capture
x2e-xoraya - X2E Xoraya
D.8. mergecap: Merging multiple capture files into one
Mergecap is a program that combines multiple saved capture files into a single output file specified by
the -w argument. Mergecap knows how to read libpcap capture files, including those of tcpdump. In
addition, Mergecap can read capture files from snoop (including Shomiti) and atmsnoop, LanAlyzer,
Sniffer (compressed or uncompressed), Microsoft Network Monitor, AIX's iptrace, NetXray, Sniffer Pro,
RADCOM's WAN/LAN analyzer, Lucent/Ascend router debug output, HP-UX's nettl, and the dump
output from Toshiba's ISDN routers. There is no need to tell Mergecap what type of file you are reading;
it will determine the file type by itself. Mergecap is also capable of reading any of these file formats if
they are compressed using gzip. Mergecap recognizes this directly from the file; the '.gz' extension is not
required for this purpose.
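The content-based detection described above can be shown in a few lines. This is an added example, not Wireshark code and not Mergecap's own implementation: it recognises gzip and libpcap by their leading magic bytes rather than by file name, then writes all packets to one libpcap file in timestamp order. It handles classic libpcap input only; the function names and the 262144-byte record limit are assumptions of this example.

```python
import gzip
import struct

GZIP_MAGIC = b"\x1f\x8b"
# libpcap magic 0xa1b2c3d4 as stored on disk -> struct byte-order prefix
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_CAPLEN = 262144  # assumed sanity limit; caplen comes from untrusted input

def open_capture(path):
    """Open by content: gzip is recognised from its magic bytes, not from '.gz'."""
    with open(path, "rb") as f:
        compressed = f.read(2) == GZIP_MAGIC
    return gzip.open(path, "rb") if compressed else open(path, "rb")

def read_packets(path):
    """Yield ((sec, usec), linktype, orig_len, data) from a classic libpcap file."""
    with open_capture(path) as f:
        header = f.read(24)
        order = PCAP_MAGIC.get(header[:4])
        if order is None or len(header) < 24:
            raise ValueError(f"{path}: not a libpcap capture")
        linktype = struct.unpack(order + "I", header[20:24])[0]
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return  # end of file (or a trailing partial record header)
            sec, usec, caplen, origlen = struct.unpack(order + "IIII", rec)
            if caplen > MAX_CAPLEN:
                raise ValueError(f"{path}: implausible captured length {caplen}")
            data = f.read(caplen)
            if len(data) < caplen:
                raise ValueError(f"{path}: truncated packet record")
            yield (sec, usec), linktype, origlen, data

def merge(paths, out_path):
    """Write all packets from paths into one little-endian libpcap file."""
    packets = sorted((r for p in paths for r in read_packets(p)), key=lambda r: r[0])
    linktypes = {r[1] for r in packets}
    if len(linktypes) != 1:
        raise ValueError("inputs must share one link-layer type and contain packets")
    with open(out_path, "wb") as out:
        # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0,
                              MAX_CAPLEN, linktypes.pop()))
        for (sec, usec), _, origlen, data in packets:
            out.write(struct.pack("<IIII", sec, usec, len(data), origlen) + data)
    return len(packets)
```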
By default, it writes the capture file in libpcap format, and writes all of the packets in the input capture
files to the output file. The -F flag can be used to specify the format in which to write the capture file; it can
write the file in libpcap format (standard libpcap format, a modified format used by some patched versions
of libpcap, the format used by Red Hat Linux 6.1, or the format used by SuSE Linux 6.3), snoop format,