How to work with large PCAP files generated from NetSim Simulations? : NetSim Support Portal

How to work with large PCAP files generated from NetSim Simulations? Print

Modified on: Thu, 29 Apr, 2021 at 9:37 AM

Large PCAP log files cannot be directly opened in Wireshark. However, these files can be modified easily using several ways to view and analyze them.

Some of the ways are explained here:

Split based on packets per file: split the packet output to different files based on uniform packet counts with a maximum of <packets per file> each

Syntax:

C:\Program...\Wireshark>editcap.exe  -F pcap  -c <Packets_per_File> C:\path_to\Name_of_Large_Traffic_Capture_File.pcap C:\path_to\Name_of_Smaller_Traffic_Capture_File.pcap

Example:

Output:

Split based on seconds per file: split the packet output to different files based on uniform time intervals with a maximum of <seconds per file> each.

Syntax:

C:\Program...\Wireshark>editcap.exe  -F pcap  -i <seconds per file> C:\path_to\Name_of_Large_Traffic_Capture_File.pcap C:\path_to\Name_of_Smaller_Traffic_Capture_File.pcap

Example:

Output:

Refer to editcap - The Wireshark Network Analyzer 3.4.4 for further details.

Did you find it helpful? Yes No

How to work with large PCAP files generated from NetSim Simulations? Print

Related Articles