Wireshark-users: [Wireshark-users] Betr: Re: edit a pcap capture to shorten file length?
Hi,
There are different ways to save a selection of the 90MB file.
1: Mark 2 packets and save the selection
Let say, the number of packets in the 90MB file is 90.000.
Right-click on the 1th and 20.000th packet (Packet Summery Line) and choose
Mark Packet (toggle).
File -> Save As -> Packet Range -> select First to last marked -> save
Unmark those packets and mark the 20.001th en 40.000th packet etc.etc.
2: Use a display filter and save de selected packets.
3: Editcap
C:\Program Files\Wireshark\editcap
http://www.wireshark.org/docs/man-pages/editcap.html
C:\Program Files\Wireshark>editcap -c <20000> <90MB.pcap> <SplitFile.pcap>
With the option -c you can define the maximum number of packets per file.
The result will be 5 output files, numbered from 00000 to 00004:
SplitFile.pcap-00000 20.000 packets
SplitFile.pcap-00001 20.000 packets
SplitFile.pcap-00002 20.000 packets
SplitFile.pcap-00003 20.000 packets
SplitFile.pcap-00004 10.000 packets
Grtz
Joan
>On 19 May 2008 Jake Peavy wrote:
>
>On 5/19/08, Stephen Fisher <stephentfisher@xxxxxxxxx> wrote:
>>
>> On Mon, May 19, 2008 at 09:15:08AM -0700, Tracy Dennis wrote:
>>
>> > I'm new to the application, so I apologize if this is a stupid
>> > question. I performed a capture that generated a 90 MB file, but I can
>> > only FTP a 20 MB file maximum to Cisco. Is there a way to cut out or
>> > copy only a part of the capture to generate another PCAP file?
>>
>>
>> Check out the editcap command-line program that comes with Wiresdhark.
>> It lets you split your 90MB file into multiple files with 'x' number of
>> packets each. ot the easiest solution, but if you play with it a bit
>> you should be able to trim down your files.
>
>
>or split,
>or gzip -9 may be enough,
>or an appropriate display filter and then save -> displayed packets only.
>
>
>--
>-jp
>
>Laurie got offended that I used the word "puke." But to me, that's what
her
>dinner tasted like.
>
>deepthoughtsbyjackhandy.com
>_______________________________________________
>Wireshark-users mailing list
>Wireshark-users@xxxxxxxxxxxxx
>http://www.wireshark.org/mailman/listinfo/wireshark-users