Re: [tcpdump-workers] Multifile patch

2012-08-23 Thread Michael Richardson

>>>>> "Wesley" == Wesley Shields w...@freebsd.org writes:
    >> Since pcap files have no end of file marker, and each file
    >> has a header on it, do you look at the beginning of each packet, and see
    >> if there is a pcap magic number?

    Wesley> I'm not sure I'm parsing this right but...

    Wesley> I am using pcap_open_offline() on each file, which should be validating
    Wesley> that I'm operating on a pcap file. I also check to ensure
    Wesley> that the DLT

Ah, sorry, you wrote:
  find /pcaps -type f | tcpdump -V - -w out.pcap

so you are reading a list of files rather than concatenating them.
I had read:

  find /pcaps -type f | xargs cat | tcpdump -V - -w out.pcap

so you'd have a byte stream with multiple pcap headers inline.
Do we support multiple -r flags... no... maybe that's a better fix?

-- 
Michael Richardson
-at the cottage-



___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


Re: [tcpdump-workers] Multifile patch

2012-08-23 Thread Wesley Shields
On Thu, Aug 23, 2012 at 01:27:33PM -0400, Michael Richardson wrote:
>
> >>>>> "Wesley" == Wesley Shields w...@freebsd.org writes:
>     >> Since pcap files have no end of file marker, and each file
>     >> has a header on it, do you look at the beginning of each packet, and see
>     >> if there is a pcap magic number?
>
>     Wesley> I'm not sure I'm parsing this right but...
>
>     Wesley> I am using pcap_open_offline() on each file, which should be validating
>     Wesley> that I'm operating on a pcap file. I also check to ensure
>     Wesley> that the DLT
>
> Ah, sorry, you wrote:
>   find /pcaps -type f | tcpdump -V - -w out.pcap
>
> so you are reading a list of files rather than concatenating them.
> I had read:
>
>   find /pcaps -type f | xargs cat | tcpdump -V - -w out.pcap
>
> so you'd have a byte stream with multiple pcap headers inline.
> Do we support multiple -r flags... no... maybe that's a better fix?

I don't recall that being supported. I'm not sure what it would take to
do that either. My approach seemed easy enough to implement.

-- WXS
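
Added example, not part of either message or of the patch under discussion: a C sketch of the check raised in the thread, looking for a pcap magic number at each record boundary to tell a single capture from a concatenated byte stream. The function names (`rd32`, `pcap_order`, `count_file_headers`) and the sample bytes are constructed for illustration and do not come from tcpdump or libpcap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: little-endian pcap header (DLT 1) + one 4-byte packet. */
#define PCAP_BYTES \
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0, \
    0x10,0x27,0x36,0x50, 0,0,0,0, 4,0,0,0, 4,0,0,0, 0xde,0xad,0xbe,0xef
static const uint8_t ONE[] = { PCAP_BYTES }, TWO[] = { PCAP_BYTES, PCAP_BYTES };

/* Read 32 bits as big-endian (be=1) or little-endian (be=0). */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Byte order of a pcap file header at p: 0 = LE, 1 = BE, -1 = no pcap magic. */
static int pcap_order(const uint8_t *p, size_t len) {
    if (len < 24) return -1;               /* file header is 24 bytes */
    for (int be = 0; be < 2; be++) {
        uint32_t m = rd32(p, be);          /* microsecond or nanosecond magic */
        if (m == 0xa1b2c3d4u || m == 0xa1b23c4du) return be;
    }
    return -1;
}

/* Walk a stream record by record, counting file headers found at record
   boundaries: 1 for a normal file, more for concatenated files. Returns -1 if
   the stream has no leading header or a record is truncated. A packet whose
   timestamp equals the magic would be miscounted, so this is a heuristic. */
int count_file_headers(const uint8_t *p, size_t len) {
    size_t off = 0; int be = -1, headers = 0;
    while (off < len) {
        int o = pcap_order(p + off, len - off);
        if (o >= 0) { be = o; headers++; off += 24; continue; }
        if (be < 0 || len - off < 16) return -1;   /* record header is 16 bytes */
        uint32_t caplen = rd32(p + off + 8, be);
        if (caplen > len - off - 16) return -1;    /* payload runs past the end */
        off += 16 + (size_t)caplen;
    }
    return headers;
}

int main(void) {
    printf("single file: %d header(s)\n", count_file_headers(ONE, sizeof ONE));
    printf("concatenated: %d header(s)\n", count_file_headers(TWO, sizeof TWO));
    return 0;
}
```

The walk relies on each record's captured-length field to find the next boundary, so a corrupt length ends the scan instead of resynchronising.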