On Thu, Aug 23, 2012 at 01:27:33PM -0400, Michael Richardson wrote: > > >>>>> "Wesley" == Wesley Shields <w...@freebsd.org> writes: > >> Since pcap files have no end of file marker, and each file > >> has a header on it, do you look at the beginning of each packet, and > see > >> if there is a pcap magic number? > > Wesley> I'm not sure I'm parsing this right but... > > Wesley> I am using pcap_open_offline() on each file, which should be > validating > Wesley> that I'm operating on a pcap file. I also check to ensure > Wesley> that the DLT > > Ah, sorry, you wrote: > find /pcaps -type f | tcpdump -V - -w out.pcap > > so you are reading a list of files rather than concatenating them. > I had read: > > find /pcaps -type f | xargs cat | tcpdump -V - -w out.pcap > > so you'd have a byte stream with multiple pcap headers inline. > Do we support multipe -r flags... no... maybe that's a better fix?
I don't recall that being supported. I'm not sure what it would take to do that either. My approach seemed easy enough to implement. -- WXS _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
