Here's a small tip on how to split a pcap file using the editcap command, which is included with Wireshark.
Here's an excerpt from "man editcap".
-c <packets per file>
Sets the maximum number of packets per output file. Each output
file will be created with a suffix -nnnnn, starting with 00000. If
the specified number of packets are written to the output file, the
next output file is opened. The default is to use a single output
file.
[ example ]
Split the pcap file (large.pcap) into files of 10,000 packets each.
# editcap -c 10000 large.pcap 10000packets-out
# ls 10000packets-out-0* | head -5
10000packets-out-00000
10000packets-out-00001
10000packets-out-00002
10000packets-out-00003
10000packets-out-00004
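What a split by packet count does to the file, as an added Python example (not editcap's code and not from the original post): each output chunk is the original global header followed by up to N packet records, named with the -nnnnn suffix from the man excerpt. It assumes a classic pcap file, not pcapng; `split_pcap`, `output_name` and `make_sample` are hypothetical names, and the sample capture is constructed.

```python
import struct

# Classic pcap magic numbers (usec and nsec variants) as seen when the first
# four bytes are read little-endian, mapped to the file's real byte order.
_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def split_pcap(data: bytes, per_file: int) -> list[bytes]:
    """Split classic-pcap bytes into chunks of at most per_file packets."""
    if per_file < 1:
        raise ValueError("per_file must be >= 1")
    endian = _MAGICS.get(struct.unpack("<I", data[:4])[0]) if len(data) >= 24 else None
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    header, pos, chunks, current = data[:24], 24, [], []
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError("truncated record header")
        # Record header: ts_sec, ts_frac, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(data):
            raise ValueError("truncated packet data")
        current.append(data[pos:end])
        pos = end
        if len(current) == per_file:
            # Every chunk repeats the global header so it opens on its own.
            chunks.append(header + b"".join(current))
            current = []
    if current:
        chunks.append(header + b"".join(current))
    return chunks

def output_name(prefix: str, index: int) -> str:
    """Name in the -nnnnn style described in the man excerpt, from 00000."""
    return f"{prefix}-{index:05d}"

def make_sample(n_packets: int) -> bytes:
    """Constructed sample: little-endian pcap holding n dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n_packets):
        payload = bytes([i % 256]) * (i + 1)
        out += struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    for i, chunk in enumerate(split_pcap(make_sample(25), 10)):
        print(output_name("sample-out", i), len(chunk), "bytes")
```

Checking that the chunk packet counts add up to the original count is a quick way to confirm a split lost nothing before the large file is archived or deleted.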