editcap

问题 I'm trying to merge numerous pcap files together for post-processing after capture, however, I need to retain information about the source file of each packet (the file name contains information about the network tap source). This information isn't available anywhere in the packets themselves. My idea is to use the convenience of pcapng which allows adding a frame comment (frame.comment) to a packet and which can be done programmatically using editcap. I could use this to add information from

问题 How to split wireshark files based on time interval. Editcap does not allow to split files in milliseconds? Can give only seconds using editcap -i . 回答1: This will be supported in Wireshark 3.2.0, which is due to be released this fall. If you need the functionality sooner you can try one of the 3.1 automated builds. 来源： https://stackoverflow.com/questions/57004719/split-wireshark-to-miliseconds