How can you break up large trace or protocol dump files with Wireshark?
On busy servers, protocol dump or network capture files can quickly grow so big that they become unmanageable on a desktop workstation. However, you can use Wireshark to break these big files into small chunks and analyse them individually.
Open a command prompt, go to the directory where Wireshark is installed, and issue the following command at the prompt:
C:\Program Files\Wireshark> editcap -r input.cap first_output_file.cap 1-10000
This will create a new file, first_output_file.cap, containing the first 10000 packets from the input file.
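The same packet-count split, generalized to consecutive chunks and done at the file-format level for a workstation without Wireshark installed. This is an added example, not part of the original page and not Wireshark's code; it assumes the classic pcap format (not pcapng), and the names split_pcap and make_sample are hypothetical.

```python
import struct

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def split_pcap(data, packets_per_file):
    """Return a list of pcap byte strings, each holding at most packets_per_file packets."""
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be >= 1")
    order = MAGICS.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    global_header = data[:24]          # copied unchanged into every chunk
    chunks, current, count, pos = [], [global_header], 0, 24
    while pos + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, incl_len, _ = struct.unpack(order + "IIII", data[pos:pos + 16])
        end = pos + 16 + incl_len
        if end > len(data):            # capture cut off mid-packet: drop the partial record
            break
        current.append(data[pos:end])
        count += 1
        pos = end
        if count == packets_per_file:
            chunks.append(b"".join(current))
            current, count = [global_header], 0
    if count:                          # final, shorter chunk
        chunks.append(b"".join(current))
    return chunks

def make_sample(n):
    """Constructed input: n dummy 4-byte packets in a little-endian Ethernet pcap."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", i, 0, 4, 4) + struct.pack("<I", i) for i in range(n)]
    return hdr + b"".join(recs)

if __name__ == "__main__":
    # 25 constructed packets plus 7 stray bytes simulating a truncated tail.
    parts = split_pcap(make_sample(25) + b"\x00" * 7, 10)
    for i, part in enumerate(parts):
        print(f"chunk {i}: {len(part)} bytes, {len(split_pcap(part, 1))} packets")
```

With packets_per_file set to 10000, the first element of the returned list holds the same packets as first_output_file.cap above.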