Awesome Thank you!
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of j.snelders@xxxxxxxxxx
Sent: Friday, May 08, 2009 12:09 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Large files
Hi Ujjval,
You can use editcap to split the file:
http://www.wireshark.org/docs/man-pages/editcap.html
First you can use capinfos to display statistics of the capture file:
http://www.wireshark.org/docs/man-pages/capinfos.html
capinfos -c displays the number of packets in the capture file:
$ capinfos -c test.cap
File name: test.cap
Number of packets: 511145
Next you can use editcap with the option -c to set the maximum number of
packets per output file.
In this example 100.000 packets per file. Each output file will be created
with a suffix, starting with -00000.
editcap -c <packets per file> <inputfile> <outputfile>
$ editcap -c 100000 test.cap split.cap
The following command displays the names of the created capture files and
the number of packets in each file.
$ capinfos -c split.cap*
File name: split.cap-00000
Number of packets: 100000
File name: split.cap-00001
Number of packets: 100000
File name: split.cap-00002
Number of packets: 100000
File name: split.cap-00003
Number of packets: 100000
File name: split.cap-00004
Number of packets: 100000
File name: split.cap-00005
Number of packets: 11145
Hope this helps.
Joan
>From: Ujjval Karihaloo <ujjval@xxxxxxxxxxxxxxxx>
On Fri, 8 May 2009 09:49:23 -0700 Ujjval Karihaloo wrote:
>
>Can we split up large PCAP (about 1 Gig) files so Windows can open then
>and not run out of memory.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
