Merging trace files with Mergecap

You can use Mergecap to merge two or more trace files into one file. The basic syntax is as follows:

mergecap -w <outfile.pcapng> infile1.pcapng infile2.pcapng …

For example:

mergecap -w merged.pcapng source1.pcapng source2.pcapng source3.pcapng

One useful option in Mergecap (and in several of the other command-line utilities) is -s <snaplen>. It truncates each packet to the specified number of bytes, counted from the start of the frame, resulting in a smaller file; a typical value for <snaplen> is 128 bytes:

mergecap -w merged_trimmed.pcapng -s 128 source1.pcapng source2.pcapng
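
The following Python sketch is an added illustration, not code from the book or from Wireshark: it models a chronological merge with snaplen truncation on two constructed in-memory traces, and shows that the record header keeps each packet's original length even though only the first 128 bytes are stored. It assumes the classic little-endian pcap layout rather than pcapng to stay short, and the function names (build_pcap, read_pcap, merge_traces) are hypothetical.

```python
import heapq
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")   # classic pcap file header (little-endian)
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len
PCAP_MAGIC = 0xA1B2C3D4                  # microsecond-resolution pcap
LINKTYPE_ETHERNET = 1


def build_pcap(packets, snaplen=65535):
    """Serialize (ts_sec, ts_usec, orig_len, data) tuples as a classic pcap file."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for sec, usec, orig_len, data in packets:
        out.append(RECORD_HDR.pack(sec, usec, len(data), orig_len) + data)
    return b"".join(out)


def read_pcap(blob):
    """Yield (ts_sec, ts_usec, orig_len, data) from a little-endian classic pcap."""
    magic = struct.unpack_from("<I", blob)[0]
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    offset = GLOBAL_HDR.size
    while offset < len(blob):
        sec, usec, incl_len, orig_len = RECORD_HDR.unpack_from(blob, offset)
        offset += RECORD_HDR.size
        data = blob[offset:offset + incl_len]
        if len(data) != incl_len:
            raise ValueError("truncated packet record")
        offset += incl_len
        yield sec, usec, orig_len, data


def merge_traces(blobs, snaplen=None):
    """Merge traces chronologically; optionally keep only the first snaplen bytes."""
    merged = heapq.merge(*(read_pcap(b) for b in blobs), key=lambda p: (p[0], p[1]))
    if snaplen is not None:
        merged = ((s, u, orig, data[:snaplen]) for s, u, orig, data in merged)
    return build_pcap(merged, snaplen or 65535)


# Constructed sample traces (hypothetical data) with interleaved timestamps.
source1 = build_pcap([(100, 0, 300, b"A" * 300), (102, 0, 60, b"B" * 60)])
source2 = build_pcap([(101, 500, 1500, b"C" * 1500)])
merged_trimmed = merge_traces([source1, source2], snaplen=128)
```

Because everything past the snap length is discarded, a trimmed file retains headers for flow analysis but not the payload bytes needed for content inspection or file extraction.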

Mergecap batch file

If the capture files you want to merge have a variety of naming formats, you can create a MergeTraces.bat ...
