WEBVTT 00:00.120 --> 00:08.070 In this lecture we will learn how to merge multiple Wireshark files into one. 00:08.100 --> 00:17.760 Merging files is a useful feature which allows you to merge contents of multiple files into one. 00:17.880 --> 00:21.750 There are two methods to merge files. 00:21.750 --> 00:23.470 I will show you both. 00:23.490 --> 00:26.940 So let's start with the first method. 00:27.060 --> 00:35.880 So the first thing that you have to do is open the file that you want to merge with another file. 00:35.880 --> 00:37.770 So go to the file open. 00:37.980 --> 00:45.690 Now I'm going to merge contents or packets of these two files, three way handshake and a dummy. 00:45.690 --> 00:47.520 So let me click on dummy. 00:47.520 --> 00:56.490 As you can see at the bottom, dummy file has 45 packets and three way handshake file has total three 00:56.490 --> 00:57.330 packets. 00:57.330 --> 00:57.690 Right. 00:57.690 --> 01:03.150 So I'm going to open the dummy file, double click on it or click on open. 01:03.510 --> 01:12.300 As you can see, it has total 45 packets right now in this file, I'm going to merge packets of three 01:12.300 --> 01:13.650 way handshake file. 01:13.710 --> 01:17.130 So go to the file, click on merge. 01:17.160 --> 01:22.680 Down here we have three options pretend packets to the existing file. 01:22.710 --> 01:28.290 This option allows us to add packets at the beginning. 01:28.290 --> 01:36.000 Second option merge packets chronologically it merges packets according to the time stamp. 01:36.000 --> 01:39.120 Then we have last option append packets. 01:39.630 --> 01:44.040 It basically appends packets at the end of the file. 01:44.040 --> 01:46.830 So I'm going to go with the first option. 01:46.830 --> 01:49.860 It will append packets at the beginning. 01:49.890 --> 01:54.270 Now double click on the file that you want to merge. 01:54.270 --> 01:56.910 So I'm going to double click on a three way handshake. 01:56.940 --> 02:03.480 As you can see, guys, a packet from three way handshake file have been added at the beginning. 02:03.480 --> 02:08.560 Right in that file I had this three way handshake in Sinek and EK. 02:08.610 --> 02:14.220 Now we have to save this merge file separately, right? 02:14.220 --> 02:16.320 What Wireshark basically does. 02:16.320 --> 02:25.920 It basically takes contents or packets from both the files, then, you know, merge them and then we 02:25.920 --> 02:30.060 have to save the merged file separately. 02:30.060 --> 02:30.480 Right. 02:30.480 --> 02:35.700 In this way, Wireshark doesn't affect the existing files. 02:35.700 --> 02:37.830 They are not altered. 02:37.830 --> 02:38.220 Right. 02:38.220 --> 02:40.950 So to save this file, go to the file. 02:40.950 --> 02:46.950 Click on Save as now write the file name, merge the click on Save. 02:46.980 --> 02:49.110 As you can see, file has been saved. 02:49.140 --> 02:50.490 Now let me check. 02:51.000 --> 02:56.670 As you can see, both the files are intact, three way handshake and dummy. 02:56.670 --> 02:57.240 Right. 02:57.240 --> 03:02.700 So Wireshark basically took the contents of both the files. 03:02.700 --> 03:09.090 Then, you know, we saved that merged content into this merged file. 03:09.120 --> 03:18.180 Now if you want to merge the contents of another file into this, then you have to repeat the same process. 03:18.210 --> 03:26.090 Go to the file, click on Merge, then select the file and guys feel free to experiment around you. 03:26.170 --> 03:28.650 No remaining options, right? 03:28.650 --> 03:36.510 If you select the last option, then contents will be appended at the end and the middle option merge 03:36.510 --> 03:37.350 package. 03:37.380 --> 03:42.090 Chronologically, it will append the package according to the timestamp. 03:42.090 --> 03:49.800 Right now let me show you another method of merging multiple files into one. 03:49.800 --> 03:59.790 Now, first thing that you have to do is put all the files that you want to merge in a single directory. 03:59.790 --> 04:00.390 Right. 04:00.390 --> 04:02.970 So open the directory. 04:03.000 --> 04:05.820 Now let me resize this window size. 04:06.830 --> 04:13.780 Now we have to select the files, then drag and drop them into the Wireshark. 04:13.790 --> 04:16.890 So press and hold control button. 04:16.910 --> 04:21.050 Now select the files that you want to merge. 04:21.050 --> 04:23.450 I'm going to merge three way handshake. 04:23.480 --> 04:28.850 Remember, this order of merging will be based on your selection. 04:28.850 --> 04:31.220 So I have selected three way handshake. 04:31.220 --> 04:35.240 So contents of three way handshake will be at the beginning. 04:35.270 --> 04:43.310 Then I'm selecting dummy and contents of a dummy will be appended after the contents or packets of three 04:43.310 --> 04:44.330 way handshake. 04:44.360 --> 04:53.720 Then I'm going to select the packets file now drag and drop the selected files into into the Wireshark. 04:53.720 --> 05:02.630 As you can see guys inside the box it is showing three right it means you are merging contents of three 05:02.630 --> 05:04.400 files and now let me drop it. 05:04.430 --> 05:08.960 As you can see at the beginning, we have contents of three way handshake file. 05:08.990 --> 05:11.390 Then I have contents of. 05:12.040 --> 05:13.600 Other two files. 05:13.750 --> 05:19.120 Now we have to save this merged content into a new file. 05:19.120 --> 05:21.010 So go to the file. 05:21.040 --> 05:26.890 Click on Save as merged to click on Save. 05:26.920 --> 05:30.010 As you can see, file has been saved, right?