Today I wanted to merge several pcap files into one bigger file. Mergecap, which ships with Wireshark, seemed to be a good tool for that task.
Since the pcap files were scattered across several directories under traces_files/, I needed to use find to gather all the file names. When trying to merge them together using
mergecap -w worms.pcap $(find ./ -name "*.pcap")
there was an error message:
mergecap: Can't open .//dir/file.pcap: Too many open files
If you do encounter that problem, you should check your open files limit with ulimit -n. Increase that value with ulimit -n
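One way to script the check described above, as an added example that is not part of the original post: it counts the capture files, compares that count with the soft and hard open-files limits, and raises the soft limit only for the merge itself. The function names and the HEADROOM value are hypothetical, and it assumes mergecap holds every input file open at the same time, as the error message suggests.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: mergecap keeps all inputs open at once and needs a few more
# descriptors for stdin/stdout/stderr and the output file. 16 is a guess.
HEADROOM=16

# Number of *.pcap files below directory $1 (names containing newlines
# would be miscounted).
count_pcaps() {
    find "$1" -type f -name '*.pcap' | wc -l | tr -d ' '
}

# Descriptors needed to merge $1 input files.
fds_needed() {
    echo $(( $1 + HEADROOM ))
}

# Succeeds when limit $2 (a number or "unlimited") covers $1 descriptors.
limit_covers() {
    [ "$2" = unlimited ] || [ "$2" -ge "$1" ]
}

# merge_pcaps OUT DIR: merge every *.pcap under DIR into OUT.
# Keep OUT outside DIR, otherwise a second run picks it up as an input.
# The body is a subshell, so the raised limit does not outlive the call.
merge_pcaps() (
    out=$1
    dir=$2
    need=$(fds_needed "$(count_pcaps "$dir")")
    if ! limit_covers "$need" "$(ulimit -Sn)"; then
        if ! limit_covers "$need" "$(ulimit -Hn)"; then
            echo "need $need descriptors, hard limit is $(ulimit -Hn)" >&2
            exit 1
        fi
        ulimit -Sn "$need" || exit 1
    fi
    # -exec ... {} + passes the names directly, so paths with spaces survive.
    find "$dir" -type f -name '*.pcap' -exec mergecap -w "$out" {} +
)
```

Called as `merge_pcaps /tmp/worms.pcap traces_files/`, it stops with a message when even the hard limit is too low, which is the case where the limit has to be raised by an administrator rather than by ulimit in the current shell.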