After trying this:
for i in {files 2 through n}
do
(dd bs=20 count=1; cat) <$i >>the_first_file
done
it created the file, but tcpdump gave this error while trying to just read
it:
tcpdump: <filename>: Value too large for defined data type. it also gave
that error with any program that had to read it (snort, bro, etc..)
suppose i'll just stick with running them individually until this
functionality is implemented.
thanks for the help..
daniel
On 11/22/06, Guy Harris <[EMAIL PROTECTED] > wrote:
Daniel Goolsby wrote:
> not sure, they're binary files.
In the specific type of merging you're doing, which is just
concatenation, if the capture files are all libpcap files, you could,
for files 2 through N, strip off the 20-byte file header from the file
and append it to the first file. That could be done with the aid of dd
and cat), for example:
for i in {files 2 through n}
do
(dd bs=20 count=1; cat) <$i >>the_first_file
done
in the Bourne shell or a compatible shell (Korn, Bourne-again, etc.).
However, whether you'd be able to read the resulting file, either with
tcpdump or *shark, is another matter, as per my other mail.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
--
--daniel
--
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
