Is there a way to take a already captured file (like 150mb) and turn it into several smaller files that are easier to manage? asked 17 Nov '11, 08:48  gtefft |
One Answer:
Yes, you can slice it into smaller files using editcap -c 100000 <infile.pcap> <outfile.pcap>, which will slice the infile.pcap in multiple files with 100,000 frames each (or any other number you put in there). editcap is installed together with the wireshark executable. As long as you can load the file into Wireshark you might also save partial files using the "save as" option, and use the "Packet Range" pane to set the boundaries, for example a range like "1-100000", followed by "100001-200000", etc. answered 17 Nov '11, 08:53  Jasper ♦♦ edited 17 Nov '11, 08:54 |
thanks so much