I have a very large capture I took over a 24-hour period using tshark. 3000 x 100MB files.
I can access each of them just fine. However, I need to be able to filter out packets across multiple or all files and get stats.
For example, I find in one file a high-bandwidth file transfer that was running, but I want to find out when it began, when it ended, and run stats to see how much bandwidth it took over that time period. It has the potential to cross 100 or more 100MB files, or even 500 files.
Right now it appears to me that in order to view each file, I have to go to each individual file to look at stats and packets for each file individually.
I do know that I can merge files together with a tool, but I have 3000 such 100MB files.
Is there a way to replay the entire file set with a filter and produce one file with just the data I want to scrape out?
Can I run a filter across multiple files without merging them?
While I can think of a few strategies to merge groups of files and such, it all adds up to a tedious process to get the info I need.
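
One way to do what the question asks, as an added example that is not part of the original post: apply the same display filter to each capture with `tshark -r ... -Y ... -w ...`, then merge only the small filtered outputs with `mergecap` and run the statistics once on the result. The function names, the `.pcapng` extension, the directory layout and the sample filter are assumptions.

```shell
#!/bin/sh
# Added example: filter a whole capture set file by file, then merge only
# the matching packets. Function names and paths are hypothetical.

# filter_captures SRC_DIR DISPLAY_FILTER OUT_FILE
filter_captures() {
    src_dir=$1   # directory holding the capture files (assumed *.pcapng)
    filter=$2    # Wireshark display filter; constructed sample:
                 #   'ip.addr == 192.0.2.10 && tcp.port == 445'
    out=$3       # single merged file containing only matching packets
    tmp=$(mktemp -d) || return 1
    n=0
    for f in "$src_dir"/*.pcapng; do
        [ -e "$f" ] || continue          # glob matched nothing
        part="$tmp/$(basename "$f")"
        # Read one capture, keep only packets matching the filter.
        if ! tshark -r "$f" -Y "$filter" -w "$part"; then
            rm -rf "$tmp"
            return 1
        fi
        n=$((n + 1))
    done
    if [ "$n" -eq 0 ]; then              # nothing to merge
        rm -rf "$tmp"
        return 1
    fi
    # mergecap orders packets by timestamp across all inputs.
    if mergecap -w "$out" "$tmp"/*.pcapng; then rc=0; else rc=1; fi
    rm -rf "$tmp"
    return "$rc"
}

# flow_stats MERGED_FILE [INTERVAL_SECONDS]
# Prints first/last packet time, then frames and bytes per interval.
flow_stats() {
    capinfos -a -e "$1"
    tshark -r "$1" -q -z "io,stat,${2:-60}"
}

# Typical use (not executed here):
#   filter_captures ./caps 'ip.addr == 192.0.2.10' transfer.pcapng
#   flow_stats transfer.pcapng 60
```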