Hello colleagues. I've setup dumpcap with ring buffer options and now i have around 20 files and 2Gb in total. I know how I can merge all files into 1, but it's too heavy to work with 2Gb file using filters and so on. I know, that from many packets in those files I need only specific tcp.stream. My question is, how can i get file with one tcp.stream only?
Thank you.