tshark
4 views
Skip to first unread message
Malcolm Herbert
Aug 25, 2025, 7:01:25 AMAug 25
to mlug-au
here I'm running tshark over a bunch of small (5min) .pcap files and using mergecap to concatenate them into something more useful (by the filename)
ls -1 *.pcap |
xargs \
-r \
-n 1000 \
mergecap \
-a \
-w - |
tshark \
-r - \
-Y "<your wireshark filter rules>" \
-T json \
-j "frame http" |
jq '
your write-only jq code here
'
--
Malcolm Herbert
mj...@mjch.net
ls -1 *.pcap |
xargs \
-r \
-n 1000 \
mergecap \
-a \
-w - |
tshark \
-r - \
-Y "<your wireshark filter rules>" \
-T json \
-j "frame http" |
jq '
your write-only jq code here
'
--
Malcolm Herbert
mj...@mjch.net
Reply all
Reply to author
Forward
0 new messages