Accepted file types and automatic uncompressing

 

When merging capture files, the accepted file types are:

 

*.cap or *.pcap

The Cap/Pcap file format is the most common capture format for Wireshark.

Additional information on this file format can be found at:

https://gitlab.com/wireshark/wireshark/-/wikis/Development/LibpcapFileFormat

https://en.wikipedia.org/wiki/Pcap

 

*.pcapng

The PcapNG file format is an attempt to overcome the limitations of the widely used libpcap format.

Additional information on this file format can be found at:

https://gitlab.com/wireshark/wireshark/-/wikis/Development/PcapNg

 

*.snoop

The Snoop file format is an older capture format still used for network tracing.

Additional information on this file format can be found at:

https://gitlab.com/wireshark/wireshark/-/wikis/snoop

https://tools.ietf.org/html/rfc1761

 

*.gz or *.gzip

Compressed file format used by many software tools in Linux and Windows.

Additional information on this file format can be found at:

https://en.wikipedia.org/wiki/Gzip

 

*.zip

Compressed archive format that can contain files and folders; it is also handled by many tools in Linux and Windows.

Additional information on this file format can be found at:

https://en.wikipedia.org/wiki/Zip_(file_format)

 

Important remarks:

 ●  When a compressed file contains other compressed files, these are also uncompressed. This means that nesting of compressed files is allowed.

 ●  When a zip file contains folders, these are also checked for cap/pcap, zip or gz files, and any that are present are taken into account for the merged output.

 ●  Nesting of folders is also allowed for zip files.
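The nested uncompressing described in the remarks above, as an added sketch that is not the tool's own code: it walks gz and zip content in memory (nothing is extracted to disk), identifies captures by their leading magic bytes instead of by file extension, and stops on excessive nesting or uncompressed size. The names `collect_captures`, `build_sample`, `MAX_DEPTH` and `MAX_TOTAL` and the limit values are assumptions; the sample archive is constructed.

```python
import gzip, io, struct, zipfile

MAX_DEPTH = 4              # assumed limit on archive nesting
MAX_TOTAL = 64 * 2**20     # assumed budget for all uncompressed bytes
MAGIC = {b"\xd4\xc3\xb2\xa1": "pcap", b"\xa1\xb2\xc3\xd4": "pcap",   # microsecond
         b"\x4d\x3c\xb2\xa1": "pcap", b"\xa1\xb2\x3c\x4d": "pcap",   # nanosecond
         b"\x0a\x0d\x0d\x0a": "pcapng"}                               # section header block
SNOOP = b"snoop\x00\x00\x00"                                          # RFC 1761

class LimitExceeded(Exception):
    pass

def _read_capped(stream, budget):
    """Read a member fully, charging it against the shared byte budget."""
    data = stream.read(budget[0] + 1)
    if len(data) > budget[0]:
        raise LimitExceeded("uncompressed size budget exhausted")
    budget[0] -= len(data)
    return data

def collect_captures(name, data, depth=0, budget=None):
    """Return [(path, kind)] for each capture in data, unpacking nested gz/zip in memory."""
    budget = [MAX_TOTAL] if budget is None else budget
    if depth > MAX_DEPTH:
        raise LimitExceeded("nesting deeper than MAX_DEPTH at " + name)
    if data[:2] == b"\x1f\x8b":                       # gzip wraps a single stream
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            inner = _read_capped(gz, budget)
        return collect_captures(name + "!gunzip", inner, depth + 1, budget)
    if data[:4] == b"PK\x03\x04":                     # zip: every file, in every folder
        found = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    with zf.open(info) as member:
                        inner = _read_capped(member, budget)
                    found += collect_captures(f"{name}!{info.filename}", inner, depth + 1, budget)
        return found
    kind = "snoop" if data[:8] == SNOOP else MAGIC.get(data[:4])
    return [(name, kind)] if kind else []             # non-capture files are skipped

def build_sample():
    """Constructed input: zip -> folders -> (pcap, text file, zip -> gzipped pcap)."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # header only
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("b.pcap.gz", gzip.compress(pcap))
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("site/a.pcap", pcap)
        zf.writestr("site/notes.txt", "not a capture")
        zf.writestr("site/deep/inner.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `collect_captures("upload.zip", build_sample())` lists the two captures with the path through each archive layer; the byte budget is shared across all layers, so a small file that expands enormously raises `LimitExceeded` instead of being merged.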

 
