Hi Experts,
I have numerous capture files which I intend to merge into one pcap using mergecap. Before doing so I want to clearly mark the source pcap files with a field that will allow me to quickly determine their original source file.
One way which I can do it is via a loop as show below, then using the comment field to sort my traffic:
for i in {1..3178}; do editcap -a "$i:SW4" Switch4.pcap Switch4_commented.PCAP; done
This approach however is really slow, especially when dealing with large files. What I was hoping to achieve, was to actually edit the interface id (frame.interface_id) in the file, rather than add a comment (leaving the comment field open for later use).
Can anybody suggest a good way to perform this sort of action? I am sure there is a better approach than what I am doing now.
Thanks