Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2020-01-03 20:00:46 +0000

Bob Jones gravatar image

This discussion has some different ways:

https://serverfault.com/questions/131872/how-to-split-a-pcap-file-into-a-set-of-smaller-ones

Everyone has their preference, but I prefer:

tcpdump -r old_file -w new_files -C 10

Where C is in MB. Another good discussion on the topic using editcap:

https://blog.packet-foo.com/2018/07/pcap-split-and-merge/