tcpdump mailing list archives

Re: Multifile patch

From: Michael Richardson <mcr () sandelman ca>
Date: Thu, 23 Aug 2012 13:27:33 -0400

"Wesley" == Wesley Shields <wxs () FreeBSD org> writes:

    >> Since pcap files have no end of file marker, and each file
    >> has a header on it, do you look at the beginning of each packet, and see
    >> if there is a pcap magic number?

    Wesley> I'm not sure I'm parsing this right but...

    Wesley> I am using pcap_open_offline() on each file, which should be validating
    Wesley> that I'm operating on a pcap file. I also check to ensure
    Wesley> that the DLT

Ah, sorry, you wrote:
  find /pcaps -type f | tcpdump -V - -w out.pcap

so you are reading a list of files rather than concatenating them.
I had read:

  find /pcaps -type f | xargs cat | tcpdump -V - -w out.pcap

so you'd have a byte stream with multiple pcap headers inline.
Do we support multipe -r flags... no... maybe that's a better fix?

-- 
Michael Richardson
-at the cottage-

Attachment: _bin
Description:

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Multifile patch Wesley Shields (Aug 19)
- Re: Multifile patch Michael Richardson (Aug 21)
  - Re: Multifile patch Wesley Shields (Aug 21)
    - Re: Multifile patch Michael Richardson (Aug 23)
    - Re: Multifile patch Wesley Shields (Aug 23)
- Re: Multifile patch Michael Richardson (Sep 03)
  - Re: Multifile patch Guy Harris (Sep 04)
    - Re: Multifile patch David Laight (Sep 04)
    - Re: Multifile patch Guy Harris (Sep 04)
    - Re: Multifile patch David Laight (Sep 05)
  - Re: Multifile patch Gert Doering (Sep 04)
  - Re: Multifile patch Wesley Shields (Sep 06)
    - Re: Multifile patch Wesley Shields (Sep 13)