Hi,
I am trying to turn a large trace file (500MB) into a simple text file
with only a few pieces of information for each packet (such as time,
source IP, destination IP, protocol, etc.) so I could put them neatly in
an array for another program I have written to read.
What I wanted to do was open the trace file in ethereal and then export
it to a text file. However, I believe the file is too large, causing
ethereal to crash when I attempt to open this file.
Another option I was thinking of was splitting the files into pieces and then
reassembling them back at the end. I tried doing this with editcap
except that when I split the files, I would have to compute the exact
time of the first packet in the next split file in order to appropriately
set the times, which would be very troublesome (and I couldn't even find
a way to use editcap to adjust the timing). Assuming I am able to split
these files with the correct timing, I would have to open split files in
ethereal, and export them to a text file and reassemble them with some
program that I write. Is there a simpler way to do this - perhaps there
is a command line function I could type to open up the 500MB file and
export to a text file only the field pieces of information I need for
each packet?
Or can I use tethereal to split the file into smaller pieces? I tried
tethereal but I could not get the duration function to work. i.e. if I wrote:
>tethereal -a duration:1 -r file -w newfile
I would get one file with a duration larger than 1 second? I don't
understand this. Could I use this to split the files into time
durations of, let's say, 1 second?
Thanks for the help.
Garrick