I frequently have to capture a given traffic flow from multiple taps and compare the resultant files.
Staring and comparing multiple wireshark windows is difficult but merging the pcapng files loses the ability to clearly identify which tap captured which packet. I have to be able to quickly distinguish a packet dropped by the network versus one not captured by a tap.
I'd like to set the packet.comment field to that of the original file name before merging. Is that possible with some one-liner or with lua?
Currently I'm using a perl script to bounce between two temp files updating one frame at a time with editcap. Performance isn't great at 4 to 14 frames per second depending on the file.
