Differences

This shows you the differences between two versions of the page.

--- pcaps:ixmgtool [2019/04/13 19:12] – [What is a FAT pcap file] veera
+++ pcaps:ixmgtool [2019/04/13 19:17] – [Example run] veera
@@ Line 18: / Line 18: @@
 ===== How is it different from mergecap  =====
-Mergecap  is a command line [[https://www.wireshark.org/docs/man-pages/mergecap.html|utility from the wireshark]] project.  It also combines multiple thin PCAP files into a single  fat PCAP file. But it preserves the timestamps, hence works to //fatten// the output PCAP if there is significant overlap in the time windows.
+Mergecap  is a command line [[https://www.wireshark.org/docs/man-pages/mergecap.html|utility from the wireshark]] project.  It also combines multiple thin PCAP files into a single  fat PCAP file. But it preserves the timestamps, hence works to //fatten// the output PCAP //only//  if there is significant overlap in the time windows.
 trisul_ixmgtool when run with the squish option , aligns the timestamps  of the files to the lowest timestamp and then processes the merge.  The following diagram illustrates the difference between mergecap and ixmgtool
@@ Line 25: / Line 25: @@
-====== trisul_ixmgtool ======
+====== Using trisul_ixmgtool ======
 To get the free ixmgtool [[https://trisul.org/download|install Trisul Probe]] , you will find the trisul_ixmgtool in ''/usr/local/bin''
@@ Line 98: / Line 98: @@
-To get a **really fat pcap** you can use the squish 10 option
+To get a **really FAT pcap** you can use the ''-squish10'' option. This creates 10 dummy flows for each flow by manipulating the source IP to 10 different IPs in the 10.0.0.x range.