How to Break Up Large tcpdump Files

tcpdump

Solution 1:

I've used editcap in the past, with great success.

editcap -c 1000 large-in.pcap smaller-out

That command should generate one or more files named smaller-out-00000, smaller-out-00001 and so on, containing the firs, second, etc thousand packets from the input file.

Solution 2:

TCPSplit will do this. It even makes sure that you don't lose TCP sessions in the break.

Solution 3:

You can use editcap to do split based on number of packets (or time range), or if you really need to split based on size, try this script.

Related

How to enable directory browsiing in IIS7?
How do I migrate a KVM guest from host to another?
How can I install wsgi on CentOS using yum?
how to send a file into clipboard from command line (CLI)?
How to correctly run cables on servers in a data center?
nginx auth password or ip
scp via java
How to get row count using ResultSet in Java?
How do I send a string from one instance of my Delphi program to another?
Hosting CLR in Delphi with/without JCL - example
Camera Tutorial for Android (using surfaceview)
Jsoup Cookies for HTTPS scraping