Today I wanted to merge several pcap files into one bigger file. Mergecap which is shipped with wireshark seemed to be a good tool for that task.

Since the pcap files where scattered into several directories under traces_files/, I needed to use find to gather all the file names. When trying to merge them together using

mergecap -w worms.pcap $(find ./ -name "*.pcap")

there was an error message:

mergecap: Can't open .//dir/file.pcap: Too many open files

If you do encounter that problem, you should check your open files limit with ulimit -n. Increase that value with ulimit -n .