Ask Your Question

How to get random packets from a .pcap file?

asked 2017-11-02 03:13:07 +0000

Utku gravatar image

updated 2017-11-02 03:45:56 +0000

I am trying to get a random subset of packets from a .pcap file. To do so, I have written the following shell script:

selected_packet_numbers=$(shuf -i 0-"$large_number" -n "$smaller_number")
editcap -r capture.pcap capture-selected.pcap $selected_packet_numbers

However, editcap is giving me the following error:

Out of room for packet selections

Using a shell loop would take an unreasonably long time.

What can I do to select a random subset of packets from a .pcap file?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2017-11-02 05:05:53 +0000

martyvis gravatar image

Unless something has changed, there will be a limit to the number of packets or ranges you can specify in a single run of editcap (it might be still 100 or could have been increased to 512)

So you might need to work with that.

edit flag offensive delete link more



In Wireshark 2.x this is set to 512.

Jaap gravatar imageJaap ( 2017-11-02 06:49:48 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2017-11-02 03:13:07 +0000

Seen: 48 times

Last updated: Nov 02