 | 1 | initial version |
I used to work with massive 800MB captures... hundreds of them.
You start using tshark for management like the following:
tshark -i 1 -b filesize:800000 -w 800mb.pcapng
Then you use tshark to read hundreds of files for certain specific things like IP address, http contains, tcp contains, frame contains, etc.
I perform a MSDOS prompt dir and dump the *.pcapng files to a 800mb.txt text file. Read it into Excel using .csv format and then create your recursive search for what ever it is you want for every file in the list. I've used it on up to 233 files x 800MB each and it works.
Cheers,
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
