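This post was last edited by 爱卫生 on 2011-6-18 19:24
Reply to z36306610's post
You want to merge Wireshark packet captures, right? You can just use the tool that ships with Wireshark.
The tool is the mergecap.exe file in the C:\Program Files\Wireshark directory. You can open a CLI (DOS prompt) and change into that directory. Copy the relevant pcap files into this directory as well, and then carry out the steps below.
The method is as follows: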
Merging lots of packet captures into a single Pcap
Sometimes we may wish to merge multiple packet captures i.e. 4-5 100Mb Packet Captures into a single one for analysis and to remove errors such as “Ack received for unknown packet” etc. To do this, (For Windows) – Firstly, copy the packet capture to your “C:\Program files\Wireshark” folder. Then, we can use the “mergecap.exe” program, similar to how editcap works.
"C:\Program Files\Wireshark\mergecap.exe" -w master-cap.cap subcap1.cap subcap2.cap subcap3.cap
In this command, we are merging subcap1 – subcap3 into a new file, called master-cap.cap.
That's all there is to it. For references, some useful operators are:
For details, see this help page on the official Wireshark site: http://www.wireshark.org/docs/wsug_html_chunked/AppToolsmergecap.html
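What a merge like the one above does to the files, as an added example that is not part of the original post and is not Wireshark's code: by default mergecap interleaves packets from the inputs by timestamp, and this Python sketch does the same for classic libpcap files. The function names are hypothetical, the sample captures are constructed, and pcapng input is not handled.

```python
import heapq
import struct

GLOBAL_HDR = "IHHiIII"   # magic, ver major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"      # ts_sec, ts_usec, incl_len, orig_len

def read_pcap(blob):
    """Parse a classic pcap blob into (linktype, [(sec, usec, orig_len, data), ...])."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack_from(endian + GLOBAL_HDR, blob, 0)[6]
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = struct.unpack_from(endian + RECORD_HDR, blob, off)
        data = blob[off + 16: off + 16 + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        records.append((sec, usec, orig_len, data))
        off += 16 + incl_len
    return linktype, records

def merge_pcaps(blobs, snaplen=65535):
    """Interleave packets from several captures by timestamp into one pcap blob."""
    parsed = [read_pcap(b) for b in blobs]
    linktypes = {lt for lt, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError("inputs use different link-layer types")
    out = bytearray(struct.pack("<" + GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktypes.pop()))
    # Each input is assumed to be in time order already; heapq.merge interleaves them.
    streams = [recs for _, recs in parsed]
    for sec, usec, orig_len, data in heapq.merge(*streams, key=lambda r: (r[0], r[1])):
        out += struct.pack("<" + RECORD_HDR, sec, usec, len(data), orig_len) + data
    return bytes(out)

def make_pcap(packets, linktype=1):
    """Build a constructed sample capture from (sec, usec, data) tuples."""
    out = struct.pack("<" + GLOBAL_HDR, 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for sec, usec, data in packets:
        out += struct.pack("<" + RECORD_HDR, sec, usec, len(data), len(data)) + data
    return out
```

The link-type check matters in practice: captures taken on different interface types cannot share one classic pcap header, so the sketch refuses to merge them rather than writing a file that dissects incorrectly.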