Filter tcpdump file AFTER capturing

tcpdump wireshark filter

Yes, it is possible. You can use the following command:

tcpdump -r your_input_file.pcap -w your_output_file.pcap "your_filter"

Tcpdump will read the input file, apply the filter, and then write the output file. You need just to come up with the right filter.


Try netsniff-ng, it sequentially processes the pcap unlike Wireshark, which tries to load everything into RAM.

Related

finding ldd search path
How do I setup rsyslog to send all logs to multiple remote servers?
How to create linux account with useradd without creating mail spool
svn: E170000: Unrecognized URL scheme for httpxxxx
Security risks of PermitUserEnvironment in ssh
Guaranteeing SSH access on a stressed server
logstash (or graylog?) vs nxLog to collect event logs and csv logs [closed]
How to remove ourselves from nudity blacklists? [duplicate]
Why can't user login on Postgres
How to add language support on CentOS 7 (on Docker)?
Swap being used when RAM is almost half free
Why do EC2 T2 instances sometimes start with zero CPU Credits