Created
August 11, 2021 21:17
-
-
Save singe/e94b25434067f2017b37a1586c27ee64 to your computer and use it in GitHub Desktop.
Display the commands required to merge to packet captures and align their time stamps
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| one=$1 | |
| two=$2 | |
| if [[ $one == "" || $two == "" ]]; then | |
| echo Display commands to merge two packet captures to the same time | |
| echo $0 "<cap one> <cap two> <offset>" | |
| exit 1 | |
| fi | |
| offset=$3 | |
| if [[ ! $offset > 0 ]]; then | |
| offset=0 | |
| fi | |
| bone=$(basename $one .cap) | |
| btwo=$(basename $two .cap) | |
| startone=$(capinfos -aeS $one|grep Start|tr -s \ \ |cut -d\ -f3) | |
| starttwo=$(capinfos -aeS $two|grep Start|tr -s \ \ |cut -d\ -f3) | |
| if [[ $startone > $starttwo ]]; then | |
| shift=$(( $startone - $starttwo )) | |
| echo editcap -t $shift $two $btwo-shifted.cap | |
| echo mergecap -w $bone+$btwo-merged.cap $one $btwo-shifted.cap | |
| else | |
| shift=$(( $starttwo - $startone )) | |
| echo editcap -t $shift $one $bone-shifted.cap | |
| echo mergecap -w $bone+$btwo-merged.cap $bone-shifted.cap $two | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment