After you choose to add a new merge task, the corresponding settings dialog opens automatically. A couple of settings are already configured by default, for example the mapping of the interfaces.


The merge process


The merge process deals with a few issues that the current (as of June 2014) mergecap tool in the official Wireshark installation has:


  • mergecap cannot merge PCAPng files that were captured on multiple interfaces. To be fair, it is quite hard to adjust settings for merging multiple interfaces with a command line tool.
  • mergecap can only merge as many files as can be specified in the command line parameters. I have found that mergecap sometimes allows using wildcards, but not always (for whatever reason). This may not seem like a big deal, but it sometimes is a problem.
  • Merging by time stamp can produce incorrect results if the input files contain negative delta times between packets. This happens for captures on multiple interfaces, where frames are recorded into the capture file with out-of-order timestamps every now and then. To be fair again: TraceWrangler does not yet support merging by time stamp, either (because it's way more complicated than concatenation).
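
The timestamp problem in the last point, shown as an added example (not code from TraceWrangler or mergecap). It assumes a simplified streaming merge that only compares the next frame of each input; the frame tuples and function names are constructed for illustration.

```python
import heapq
from operator import itemgetter

# Constructed sample frames: (timestamp_seconds, interface_id, label).
# FILE_A was captured on two interfaces; frame "a3" was written to the file
# after "a2" although its timestamp is earlier (a negative delta time).
FILE_A = [(1.000, 0, "a1"), (1.300, 0, "a2"), (1.100, 1, "a3"), (1.400, 0, "a4")]
FILE_B = [(1.050, 0, "b1"), (1.200, 0, "b2"), (1.350, 0, "b3")]

TS = itemgetter(0)


def negative_deltas(frames):
    """Return (index, delta) for every frame older than its predecessor."""
    return [(i, round(cur[0] - prev[0], 6))
            for i, (prev, cur) in enumerate(zip(frames, frames[1:]), start=1)
            if cur[0] < prev[0]]


def streaming_merge(*files):
    """Assumed simplified model of a timestamp merge: a k-way merge that
    only looks at the current head of each input. It is correct only if
    every input is already in timestamp order."""
    return list(heapq.merge(*files, key=TS))


def sorted_merge(*files):
    """Sort each input by timestamp first (stable sort), then merge."""
    return list(heapq.merge(*(sorted(f, key=TS) for f in files), key=TS))


def labels(frames):
    return [f[2] for f in frames]


if __name__ == "__main__":
    print("negative deltas in FILE_A:", negative_deltas(FILE_A))
    naive = streaming_merge(FILE_A, FILE_B)
    print("streaming merge:", labels(naive))
    print("  still out of order at:", negative_deltas(naive))
    fixed = sorted_merge(FILE_A, FILE_B)
    print("sorted merge:   ", labels(fixed))
    print("  still out of order at:", negative_deltas(fixed))
```

Sorting each input first requires holding that input in memory, which is part of what makes a correct timestamp merge more involved than concatenation.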