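@echo off
REM
REM Remove duplicate packets from a set of capture files, apply a Wireshark
REM display filter to each one, and merge the results into a single file.
REM Requires editcap, tshark and mergecap on the PATH.
REM
REM Arguments:
REM   1 - input file set, used as the set of a "for" loop, so wildcards are
REM       expanded and spaces separate entries
REM   2 - name of the merged output file
REM   3 - display filter handed to tshark
REM
REM NOTE(review): newer tshark releases use -Y for single-pass display
REM filters and accept -R only together with -2. Confirm against the
REM installed version before relying on the -R call below.
REM
REM NOTE(review): intermediate files are named after the input file's base
REM name only, so two inputs with the same base name from different
REM directories would overwrite each other's intermediates.
REM

:VERIFY_ARGUMENTS
REM
REM Verify that there are exactly three command line arguments.
REM
if "%~3" == "" goto :PRINT_USAGE
if not "%~4" == "" goto :PRINT_USAGE
goto :PROCESS_FILES

:PRINT_USAGE
REM
REM Print the correct usage of this script and exit. The angle brackets are
REM escaped with carets so that cmd does not treat them as redirections.
REM
echo Usage: %~n0 ^<input files^> ^<output file^> ^<display filter^>
goto :EOF

:PROCESS_FILES
REM
REM Strip the command line arguments of quotes and assign them to variables
REM with meaningful names. The quoted form of "set" keeps characters such as
REM the ampersands of a display filter from being parsed as command
REM separators.
REM
setlocal
set "INPUT_FILES=%~1"
set "OUTPUT_FILE=%~2"
set "DISPLAY_FILTER=%~3"

REM
REM Start from an empty merge list. setlocal copies the caller's environment,
REM so an inherited MERGE_FILES value would otherwise be passed to mergecap.
REM
set "MERGE_FILES="

REM
REM Keep intermediate files in a directory private to this run instead of
REM directly in the shared temporary directory. Cleanup then removes only
REM files this run created, and a leftover or foreign "*-filtered.pcap" can
REM never be picked up by the merge. mkdir fails when the directory already
REM exists, so a pre-existing directory is never adopted.
REM
if not defined TEMP (
    >&2 echo Error: the TEMP environment variable is not set.
    goto :EOF
)
set "WORK_DIR=%TEMP%\%~n0-%RANDOM%-%RANDOM%"
mkdir "%WORK_DIR%" 2>nul
if errorlevel 1 (
    >&2 echo Error: could not create working directory "%WORK_DIR%".
    goto :EOF
)

REM
REM Loop over all the input files, removing duplicate packets, applying a
REM display filter, and saving the resulting filenames in the MERGE_FILES
REM variable for later merging.
REM
REM Duplicate removal must occur before applying the display filter.
REM Otherwise identical packets sent out at periodic intervals that aren't
REM duplicates may be removed once intermediate packets are no longer
REM present. This generally won't be a problem with IP-encapsulated packets
REM because the IP Identifier uniquely identifies each packet. Packets
REM without such a field, such as ARPs, are more prone.
REM
REM A file is added to the merge list only when both steps succeeded, so a
REM failed step does not hand mergecap a missing or partial file. The append
REM goes through the :APPEND_MERGE_FILE subroutine because of the limitations
REM of for loops in modifying variables outside of their scope.
REM
for %%f in (%INPUT_FILES%) do (
    echo %%~nxf
    editcap -d "%%f" "%WORK_DIR%\%%~nf-deduped.pcap"
    if errorlevel 1 (
        >&2 echo   Warning: editcap failed for "%%f", skipping this file.
    ) else (
        tshark -r "%WORK_DIR%\%%~nf-deduped.pcap" -w "%WORK_DIR%\%%~nf-filtered.pcap" -R "%DISPLAY_FILTER%"
        if errorlevel 1 (
            >&2 echo   Warning: tshark failed for "%%f", skipping this file.
        ) else (
            call :APPEND_MERGE_FILE "%WORK_DIR%\%%~nf-filtered.pcap"
        )
    )
)

REM
REM Merge all of the files that were created during the loop into a single
REM file with the name given by the user.
REM
if defined MERGE_FILES (
    echo Merging results...
    mergecap -w "%OUTPUT_FILE%" %MERGE_FILES%
) else (
    >&2 echo Error: no input file was processed successfully, nothing to merge.
)

REM
REM Clean up temporary files and exit. Only the private working directory is
REM removed, never other files in the temporary directory.
REM
rmdir /s /q "%WORK_DIR%"
endlocal
goto :EOF

REM
REM This is a subroutine called from the for loop above that appends a file
REM name to the list of files to be merged. The argument arrives already
REM quoted and is appended with its quotes intact.
REM
:APPEND_MERGE_FILE
set MERGE_FILES=%MERGE_FILES% %1
goto :EOF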