Hi Guys,

I tried to split a 1,3GB pcapng file with the following instruction:

editcap -i 60 "input.pcapng" "output.pcapng"

This seems to be working correctly. But if I try to open those split files, Wireshark just hangs and nothing happens. Does anybody have any idea?

Greets
Kay

asked 10 Jan '17, 08:24 rocKay
edited 10 Jan '17, 08:27
Can you try splitting by packet number using "-c" instead, e.g. "-c 100000", to see if that works?
I've tried that also, but with the same result.
Could you post a 'capinfos' analysis of one such file? Even better, are you able to share one such split up file?
Split File
Alright, attached one of the split files.
I got no problem opening the file with Wireshark 2.2.2 on Linux x64. On which OS are you running your test?
Running on Win7 x64. I've tried again and after a very long time the record opened also for me. But that was really much longer than opening the original 1,3GB one. I get "Wireshark (no reaction)" in the program and it seems to hang.
For the heck of it, you could try to write (via "-F pcap") a .pcap file instead of the default .pcapng file?