Often we end up collecting more than one PCAP trace file during the sniffing activity. To merge two or more PCAP files into one, use mergecap. The mergecap tool ships with Kali Linux and allows the creation of a single file that you can import into Wireshark for analysis. The following figure shows the usage options of mergecap:

In the following example, we will be creating a single file from two individual .cap files:

#mergecap –w combined.cap inputfile1.cap inputfile2.c
ap