Often we end up collecting more than one PCAP trace file during the sniffing activity. To merge two or more PCAP files into one, use mergecap
. The mergecap
tool ships with Kali Linux and allows the creation of a single file that you can import into Wireshark for analysis. The following figure shows the usage options of mergecap
:
In the following example, we will be creating a single file from two individual .cap
files:
#mergecap –w combined.cap inputfile1.cap inputfile2.c ap