A very large capture file can be analyzed by splitting it into smaller files and then analyzing those.
To do so, follow the steps below.
1. C:\Program Files\Wireshark>capinfos.exe largefile.pcap
This displays details about the file, such as the total number of packets, and from that you can decide how many packets you want in each new file. For example, if the old file had 200000 packets and you want new files of 50000 packets each, 4 new smaller files will be created.
2. Now just create new smaller files from the old large file by using the command
C:\Program Files\Wireshark>editcap.exe -c 50000 oldfile.pcap new_smallfile
It will create 4 new files of around 50000 packets each, and you can then open those files with Wireshark.
That's it. In case you need to join those files again, you can use the Merge option of Wireshark.
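What the split in step 2 amounts to, as an added Python example (not from the original post and not Wireshark's own code): it walks the packet records of a capture and starts a new output every N packets, copying the file header into each part. It assumes the classic pcap format rather than pcapng; the function names are illustrative and `make_sample` builds a constructed capture.

```python
import struct

# First four bytes of a classic pcap file -> struct byte-order prefix.
PCAP_MAGIC = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16


def iter_records(data):
    """Yield each raw packet record (16-byte record header + captured bytes)."""
    if len(data) < GLOBAL_HDR_LEN or data[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order = PCAP_MAGIC[data[:4]]
    pos = GLOBAL_HDR_LEN
    while pos + RECORD_HDR_LEN <= len(data):
        # Record header: ts_sec, ts_frac, incl_len (bytes stored), orig_len.
        incl_len = struct.unpack_from(order + "I", data, pos + 8)[0]
        end = pos + RECORD_HDR_LEN + incl_len
        if end > len(data):
            break  # capture was cut off mid-packet; drop the partial record
        yield data[pos:end]
        pos = end


def split_pcap(data, packets_per_file):
    """Return a list of pcap byte strings, each with at most packets_per_file packets."""
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be at least 1")
    header, parts, current = data[:GLOBAL_HDR_LEN], [], []
    for record in iter_records(data):
        current.append(record)
        if len(current) == packets_per_file:
            parts.append(header + b"".join(current))
            current = []
    if current:  # final, shorter file
        parts.append(header + b"".join(current))
    return parts


def make_sample(n):
    """Constructed sample: a little-endian Ethernet pcap with n dummy packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n):
        payload = bytes([i % 256]) * (60 + i % 5)
        out += struct.pack("<IIII", i, 0, len(payload), len(payload)) + payload
    return out


if __name__ == "__main__":
    parts = split_pcap(make_sample(10), 4)
    print([sum(1 for _ in iter_records(p)) for p in parts])
```

Each part is a valid pcap on its own because it carries the original 24-byte header, which is also why the parts can be joined again without losing the link type or timestamp precision.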