This program merges multiple niftap log files together, to produce an aggregate log which can then be viewed by nifpan, and whose constituent packets are all ordered by their timestamp.
Events in the merged log file are tagged to indicate which session they came from.
The typical motivation for using nifmerge, is that multiple instances of niftap
may have been run simultaneously on a multi-homed host, to capture all its network traffic - each instance monitoring a single interface.
Rather than having to separately run nifpan on each log file and then manually flick between multiple nifpan report files to follow the sequence of related packets, you can simply merge the logfiles together using nifmerge and then run nifpan on the single resulting log file, so as to conveniently view all the host's network traffic along a single time line.
In contrast, if you want to correlate log files created on two different communicating hosts, you would use nifxref.