Wireshark-users: Re: [Wireshark-users] Help on tcpdump or dumpcap
|
Yes – that’s the idea. Even if
you capture some really large trace files that take too long to load, you can
use editcap to split the file into smaller pieces. Type editcap –h for
more information, but the syntax is… Editcap –c 100000
<capturefilein> <capturefileout> Where <capturefilein> is the name of
your really large capture file and <capturefileout> is the starting name
of your output files. Editcap will number the output files for you. Laura This message is intended only for the use of the addressee and may
contain information that is privileged and confidential. If you are not the
intended recipient, you are hereby notified that any use and/or dissemination
of this communication is strictly prohibited. If you have received this
communication in error, please delete all copies of the message and its
attachments and notify the sender immediately. From:
wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of ARAMBULO, Norman R. Thanks for the response, yup I know that wireshark or ethereal
cant handle large amount of data, so does tcpdump and dumpcap capable of
handling such data, can we use it to capture large amount of data, save it to
multiple files for Tshark or Tethereal for post process. Pls advise and thanks
--
Albert Einstein |
- References:
- Re: [Wireshark-users] Help on tcpdump or dumpcap
- From: ARAMBULO, Norman R.
- Re: [Wireshark-users] Help on tcpdump or dumpcap
- Prev by Date: Re: [Wireshark-users] Help on tcpdump or dumpcap
- Next by Date: Re: [Wireshark-users] Buffers size, ring buffer and multiple files
- Previous by thread: Re: [Wireshark-users] Help on tcpdump or dumpcap
- Next by thread: [Wireshark-users] no more new SVN build found at http://www.wireshark.org/download/automated/win32/
- Index(es):