# Can Mergecap merge captures in a different directory than where it is located?

I have a folder specifically for my captures, it is a separate directory from that of the Wireshark directory. I am trying to use Mergecap to merge multiple captures in this directory and it is not able to detect the files I am referencing.

When I put my captures in my Wireshark directory, it works perfectly fine, but it is then surrounded by files and folders that are not associated with my caps, and it makes it hard to manage/organize.

Is it possible in some way to make Mergecap read/detect files in a directory that it doesn't exist in?

The reason you can't run mergecap from your capture directory is that the Wireshark program is not in your path. Wireshark's installation doesn't add itself to the path. I am assuming you are using Windows. There are two options:

1. Type c:"\program files\wireshark\mergecap"; the double quotes are needed because of the space in "program files".
2. Update the Windows path. Go to the Windows "Advanced System Settings", "Environmental Variables", "User variables", click "path", and then edit. Add the Wireshark folder, e.g. "c:\Program Files\Wireshark\", close all the windows and then restart. Mergecap can run from any folder.

**Merging files from different folders**

I just tested this with Windows 10. I created the c:\temp2, c:\temp3, and c:\temp4 folders. I copied one pcap to the c:\temp3 folder and a different pcap to the c:\temp4 folder. Then, from c:\temp2, I merged the two pcaps together. You will need to use the full path name for the file names, e.g. c:\temp3\test.pcap.

> Add the Wireshark folder, e.g. "c:\Program Files\Wireshark\", close all the windows and then restart. Mergecap can run from any folder.

And so can other command-line Wireshark tools, such as TShark, editcap, capinfos, and so on.

( 2021-10-14 22:26:13 +0000 )

Another option, if you use PowerShell, is to add aliases to the tools. This has a slight advantage in that it doesn't pollute your PATH, which can often be filled with rubbish from programs that are installed and then uninstalled and don't clean up properly after themselves.

The following one-liner will add aliases for all the executables in the Wireshark directory:

```powershell
# Create one alias per Wireshark executable (mergecap, tshark, editcap, ...)
Get-ChildItem 'C:\Program Files\Wireshark\*.exe' | ForEach-Object { New-Alias -Name $_.BaseName -Value $_.FullName -Force }
```

( 2021-10-15 08:14:42 +0000 )
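The full-path approach from the answer, wrapped in a PowerShell function that collects captures from several folders and calls mergecap by its absolute path, so it works from any directory without editing PATH. This is an added example, not part of the original thread; the function name `Merge-Captures`, the output file name, and the default install directory are assumptions.

```powershell
# Added example (not from the thread). Assumes the default Wireshark install folder.
$WiresharkDir = 'C:\Program Files\Wireshark'

function Merge-Captures {
    param(
        [Parameter(Mandatory)] [string[]] $SourceDir,  # folders that hold the captures
        [Parameter(Mandatory)] [string]   $OutFile     # merged file to write
    )

    # Use mergecap from PATH if it is there, otherwise fall back to the install folder.
    $mergecap = (Get-Command mergecap.exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1).Path
    if (-not $mergecap) { $mergecap = Join-Path $WiresharkDir 'mergecap.exe' }
    if (-not (Test-Path -LiteralPath $mergecap)) {
        throw "mergecap.exe not found: $mergecap"
    }

    # Resolve the output path against the PowerShell location (the file may not exist yet).
    $outFull = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($OutFile)

    # Gather full path names of every capture, skipping an old copy of the output file.
    $files = @(foreach ($dir in $SourceDir) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            throw "Capture folder not found: $dir"
        }
        Get-ChildItem -LiteralPath $dir -File |
            Where-Object { $_.Extension -in '.pcap', '.pcapng' -and $_.FullName -ne $outFull }
    })
    if ($files.Count -lt 2) {
        throw "Need at least two capture files, found $($files.Count)."
    }

    # mergecap orders packets by timestamp by default; -w names the output file.
    # The array of full paths is expanded into one argument per file.
    & $mergecap -w $outFull $files.FullName
    if ($LASTEXITCODE -ne 0) { throw "mergecap exited with code $LASTEXITCODE" }

    Get-Item -LiteralPath $outFull
}

# Usage with the folders from the answer (the output file name is made up):
# Merge-Captures -SourceDir 'C:\temp3', 'C:\temp4' -OutFile 'C:\temp2\merged.pcapng'
```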