How to concatenate two tcpdump files, so that one traffic will appear after another in the file? To be concrete I want to "multiply" one tcpdump file, so that all the sessions will be repeated one after another sequentially few times.
A:
Wireshark has the File -> Merge command which should do this.
I also remember mergecap being a tool to do so, but I haven't used it in a while.
viksit
2009-05-26 21:32:26
+1
A:
As the other answers say, you can use File->Merge in Wireshark, tcpslice, or mergecap. You can also drag a file into Wireshark's main window. If Wireshark/tcpdump/snort/Ntop/etc supported pcap-ng, you'd be able to simply concatenate your capture files.
Gerald Combs
2009-05-26 21:42:45
But don't they all just merge packet data, without caring about sequential numbers and shift of the packets in time, so that one concatenation segment is placed after another in time.
2009-05-26 21:51:32
If you use File->Merge or mergecap you have the option of prepending, merging chronologically (interleaving according to timestamps), or appending.
Gerald Combs
2009-05-27 18:55:48