I have created a sh script to merge pcap files using the 'mergecap' command, but I'm facing an issue. What I need is to merge all pcap files older than 5 days, so I use the 'find' command to find all files older than 5 days:
FILES=$(find /capture/nop/ -maxdepth 1 -name "*.pcap" -mtime +5)
How would I use the array FILES in the mergecap command?
mergecap -w outfulfile.pcap input1.pcap input2.pcap
Also, is there any way to use the file names of the first and last files merged as the file name of the output file?
Does this do what you want?
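# Read one path per line into the array, sorted so [0] and [-1] are the first and last names
mapfile -t FILES < <(find /capture/nop/ -maxdepth 1 -name "*.pcap" -mtime +5 | sort)
# Discard path name and extension
TAG1=$(basename "${FILES[0]}" .pcap)
TAG2=$(basename "${FILES[-1]}" .pcap)
# Quote the expansion so names containing spaces stay single arguments
mergecap -w "output_from_${TAG1}_to_${TAG2}" "${FILES[@]}"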
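As an added example (not part of the original answer), here is a POSIX sh version of the same merge that keeps file names with spaces intact and stops when no capture is old enough. The function names and the MERGECAP override are hypothetical, and the ".pcap" suffix on the output name and writing it to the current directory are assumptions.

```shell
#!/bin/sh
# Added example: function names and the MERGECAP variable are hypothetical.

# Print the output name built from the first and last base names
# of the arguments, with the .pcap extension stripped.
merged_name() {
    first=$(basename "$1" .pcap)
    for last in "$@"; do :; done          # leaves the final argument in $last
    last=$(basename "$last" .pcap)
    printf 'output_from_%s_to_%s.pcap\n' "$first" "$last"
}

# Merge every *.pcap in directory $1 whose mtime is more than $2 days old.
# Prints the output file name; returns 1 if nothing qualified.
merge_old_pcaps() {
    dir=$1
    days=$2
    merger=${MERGECAP:-mergecap}          # overridable, e.g. for a dry run
    set --                                # positional parameters act as the array
    for f in "$dir"/*.pcap; do            # the glob expands in sorted order
        [ -f "$f" ] || continue           # also skips an unmatched literal pattern
        # find prints the path only when the file passes the age test
        if [ -n "$(find "$f" -prune -mtime +"$days")" ]; then
            set -- "$@" "$f"
        fi
    done
    [ "$#" -gt 0 ] || { echo "no pcap files older than $days days" >&2; return 1; }
    out=$(merged_name "$@")
    "$merger" -w "$out" "$@" && printf '%s\n' "$out"
}
```

Call it as `merge_old_pcaps /capture/nop 5`; because every expansion is quoted, a capture named with spaces is passed to mergecap as one argument.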