Sometimes you need to merge several capture files into one. For example, this can be useful if you have captured simultaneously from multiple interfaces at once (e.g. using multiple instances of Wireshark).
There are three ways to merge capture files using Wireshark:
- Use the File → Merge menu to open the “Merge” dialog. See Section 5.4.1, “The “Merge with Capture File” dialog box”. This menu item will be disabled unless you have loaded a capture file.
- Use drag-and-drop to drop multiple files on the main window. Wireshark will try to merge the packets in chronological order from the dropped files into a newly created temporary file. If you drop only a single file it will simply replace the existing capture.
-
Use the
mergecaptool, a command line tool to merge capture files. This tool provides the most options to merge capture files. See Section D.8, “mergecap: Merging multiple capture files into one” for details.
This dialog box let you select a file to be merged into the currently loaded file. If your current data has not been saved you will be asked to save it first.
Most controls of this dialog will work the same way as described in the “Open Capture File” dialog box, see Section 5.2.1, “The “Open Capture File” dialog box”.
Specific controls of this merge dialog are:
- Prepend packets to existing file
- Prepend the packets from the selected file before the currently loaded packets.
- Merge packets chronologically
- Merge both the packets from the selected and currently loaded file in chronological order.
- Append packets to existing file
- Append the packets from the selected file after the currently loaded packets.
This is the common Windows file open dialog with additional Wireshark extensions.
This is the common Gimp/GNOME file open dialog with additional Wireshark extensions.