I usually throw them all into TraceWrangler at once (as @NJL suggested already), and use the Tools/Communication Details menu option to look at the conversations I need. Double clicking a row extracts all packets of the conversation to a new PCAP and runs Wireshark to open it for investigation.
It's also possible to use extraction tasks to extract only those conversations with a Snort alert to inspect them specifically.
TraceWrangler is available here: https://www.tracewrangler.com