Hi,
Have a look at editcap, part of the Wireshark package. It allows you to
cut the thing in pieces.
There's no hard and set rule what the optimum size of a capture is. Some
captures are more memory intensive than others.
Also, depending on what you're trying to find, you'll need shorter or
longer captures.
Have a good look at the command line tools.
Thanks,
Jaap
On Mon, 22 Aug 2011 16:31:49 +0700, Zaki Akhmad wrote:
Hi all,
Just got a pcap file sized 532 MB :|
I was wondering, what is the ideal pcap size to do some analysis? Just
when I opened this file, I need at least 5 minutes on my computer
(dual core, 3 GB memory) to open it.
Or maybe there are tips & tricks to capture and analyze a big pcap
file?
Thanks!
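
As an added illustration (not part of the original thread, and not editcap's own code): a Python example of what cutting a capture into pieces by packet count, as `editcap -c` does, involves for a classic pcap file. The names `split_pcap` and `build_sample` and the sample capture are constructed for this example; pcapng input is rejected.

```python
import struct

GLOBAL_HDR_LEN = 24  # classic pcap file header
RECORD_HDR_LEN = 16  # per-packet header: ts_sec, ts_frac, incl_len, orig_len
LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec magic on disk
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def split_pcap(data, packets_per_chunk):
    """Return a list of pcap byte strings, each holding at most
    packets_per_chunk packets and its own copy of the file header."""
    if packets_per_chunk < 1:
        raise ValueError("packets_per_chunk must be >= 1")
    magic = data[:4]
    if len(data) < GLOBAL_HDR_LEN or magic not in LITTLE + BIG:
        raise ValueError("not a classic pcap capture (pcapng is not handled)")
    endian = "<" if magic in LITTLE else ">"
    header = data[:GLOBAL_HDR_LEN]
    chunks, current, offset = [], [], GLOBAL_HDR_LEN
    while offset + RECORD_HDR_LEN <= len(data):
        # incl_len is the number of packet bytes actually stored in the file
        (incl_len,) = struct.unpack_from(endian + "I", data, offset + 8)
        end = offset + RECORD_HDR_LEN + incl_len
        if end > len(data):  # capture cut off mid-packet: drop the partial record
            break
        current.append(data[offset:end])
        offset = end
        if len(current) == packets_per_chunk:
            chunks.append(header + b"".join(current))
            current = []
    if current:
        chunks.append(header + b"".join(current))
    return chunks

def build_sample(n_packets):
    """Constructed sample: a little-endian Ethernet capture with dummy payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n_packets):
        payload = bytes([i]) * (60 + i)
        out += struct.pack("<IIII", 1000000000 + i, 0, len(payload), len(payload))
        out += payload
    return out

if __name__ == "__main__":
    for n, chunk in enumerate(split_pcap(build_sample(5), 2)):
        print(f"chunk {n}: {len(chunk)} bytes")
```

The function works on a byte string held in memory; for a capture of the size mentioned in the thread, the same record walk would be done while reading from the file incrementally.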