Description
Since this appears to be the only tool currently allowing a directory to specify the source of pcaps, it would be useful to have a "follow" mode where joincap can merge existing files, but watch the final file for growth as well as watch the specified directory for new pcaps to join. The goal would be to allow one tool to write pcaps while joincap reads and follows what's written in near-realtime for streaming to other tools that consume pcaps.
If implemented, it may also be necessary to have a start-time option that suppresses output of any packets prior to a given date/time. That would allow one to restart an aborted joincap in follow-mode from a given point without needing to clear out already processed files from the source directory.
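
A sketch of the two mechanics this request depends on, as an added example that is not joincap's code: resuming a read of a pcap that is still being written without consuming a half-written record, and suppressing packets older than a start time. `ParseAvailable` and the `sample` bytes are hypothetical and constructed for illustration; the sketch assumes classic little-endian, microsecond-resolution pcap (not pcapng).

```go
package main

import (
	"encoding/binary"
	"fmt"
	"time"
)

// Constructed sample: global header (snaplen 65535), then records at t=100s and t=200s.
const sample = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x01\x00\x00\x00" +
	"\x64\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00p1" +
	"\xc8\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x02\x00\x00\x00p2"

// ParseAvailable scans buf (the bytes of a growing pcap read so far) from offset
// and returns the raw records timestamped at or after start, plus the offset to
// resume at on the next poll. Hypothetical helper, not part of joincap.
func ParseAvailable(buf []byte, offset int, start time.Time) ([][]byte, int, error) {
	le := binary.LittleEndian
	if len(buf) < 24 {
		return nil, offset, nil // global header not fully written yet
	}
	if le.Uint32(buf) != 0xa1b2c3d4 {
		return nil, offset, fmt.Errorf("not a little-endian microsecond pcap")
	}
	if offset < 24 {
		offset = 24 // skip the global header on the first call
	}
	var out [][]byte
	for offset+16 <= len(buf) {
		incl := le.Uint32(buf[offset+8:]) // incl_len: captured bytes that follow
		if incl > le.Uint32(buf[16:]) {   // above snaplen: corrupt, do not wait on it
			return out, offset, fmt.Errorf("record at %d exceeds snaplen", offset)
		}
		end := offset + 16 + int(incl)
		if end > len(buf) {
			break // writer is mid-record; retry after the file grows
		}
		ts := time.Unix(int64(le.Uint32(buf[offset:])), int64(le.Uint32(buf[offset+4:]))*1000)
		if !ts.Before(start) {
			out = append(out, buf[offset:end])
		}
		offset = end
	}
	return out, offset, nil
}

func main() {
	fmt.Println(ParseAvailable([]byte(sample), 0, time.Unix(150, 0)))
}
```

The returned offset only advances past whole records, so a follower can persist it and call again after the file grows; the snaplen check keeps a corrupted length field from stalling the stream indefinitely.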