{"id":717,"date":"2012-12-21T12:59:41","date_gmt":"2012-12-21T10:59:41","guid":{"rendered":"http:\/\/www.shukko.com\/x3\/?p=717"},"modified":"2012-12-21T12:59:41","modified_gmt":"2012-12-21T10:59:41","slug":"wireshark-large-files","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2012\/12\/21\/wireshark-large-files\/","title":{"rendered":"wireshark large files&#8230;"},"content":{"rendered":"<p>You can use editcap to split the file:<br \/>\nhttp:\/\/www.wireshark.org\/docs\/man-pages\/editcap.html<\/p>\n<p>First you can use capinfos to display statistics of the capture file:<br \/>\nhttp:\/\/www.wireshark.org\/docs\/man-pages\/capinfos.html<\/p>\n<p>capinfos -c displays the number of packets in the capture file:<br \/>\n$ capinfos -c test.cap<br \/>\nFile name: test.cap<br \/>\nNumber of packets: 511145<\/p>\n<p>Next you can use editcap with the option -c to set the maximum number of<br \/>\npackets per output file.<br \/>\nIn this example 100.000 packets per file. Each output file will be created<br \/>\nwith a suffix, starting with -00000.<br \/>\neditcap -c <packets per file> <inputfile> <outputfile><br \/>\n$ editcap -c 100000 test.cap split.cap<\/p>\n<p>The following command displays the names of the created capture files and<br \/>\nthe number of packets in each file.<br \/>\n$ capinfos -c split.cap*<br \/>\nFile name: split.cap-00000<br \/>\nNumber of packets: 100000<\/p>\n<p>File name: split.cap-00001<br \/>\nNumber of packets: 100000<\/p>\n<p>File name: split.cap-00002<br \/>\nNumber of packets: 100000<\/p>\n<p>File name: split.cap-00003<br \/>\nNumber of packets: 100000<\/p>\n<p>File name: split.cap-00004<br \/>\nNumber of packets: 100000<\/p>\n<p>File name: split.cap-00005<br \/>\nNumber of packets: 11145<\/p>\n","protected":false},"excerpt":{"rendered":"<p>You can use editcap to split the file: http:\/\/www.wireshark.org\/docs\/man-pages\/editcap.html First you can use capinfos to display statistics of the capture file: http:\/\/www.wireshark.org\/docs\/man-pages\/capinfos.html capinfos -c displays the number of packets in the capture file: $ capinfos -c test.cap File name: test.cap Number of packets: 511145 Next you can use editcap with the option -c to set [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-717","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=717"}],"version-history":[{"count":0,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/717\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=717"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=717"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}