[Intrusions] Looking to split a 4 gig windump file
Ritesh Rekhi
rrekhi at foundrynet.com
Fri Mar 11 17:59:44 GMT 2005
Hi Jack,
I tried the commands which you gave and they worked. It's very
useful for analyzing the traces. Thanks for sharing it with the list.
Regards,
Ritesh
-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org]On Behalf Of Jack McCarthy
Sent: Thursday, March 10, 2005 11:04 AM
To: Intrusions List (GCIA Practicals)
Subject: Re: [Intrusions] Looking to split a 4 gig windump file
Why off list? Sounds like it's on topic to me and I'm sure we'd all like to
know the results...at least I would.
If you've already installed Ethereal, then you should have Editcap installed
too.
http://www.ethereal.com/docs/man-pages/editcap.1.html
Running this from a command line cuts a 593mb cap file down to 273mb - first
half of the file.
c:\> editcap -r infile outfile 1-300000
and this gives me the second half at 320mb.
c:\> editcap -r infile outfile 300001-900000
Adjust your numbers accordingly and it should work.
-jack
--- anthony reyes <areyesny at yahoo.com> wrote:
>
> Hi all,
>
> I'm looking to split a 4 gig Windump file. I've tried
> several ways in both Linux & Windows with no success.
>
> I've used tcpsplit, split, ethereal, Iris, windump,
> tcpdump, snort, snortsnarf, acid, grep (painful) and
> several other ways. Any ideas? Please contact me off
> the list.
>
> Thanks,
>
> Anthony Reyes
>
>
>
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
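
Added example, not part of the original thread and not editcap's own code: WinDump writes the classic libpcap format (a 24-byte file header, then packets each preceded by a 16-byte record header), so a capture too large for other tools can be split by streaming one record at a time. The function name `split_pcap` and the output file naming are this example's own choices, and it assumes classic libpcap input, not pcapng.

```python
import struct

# Classic libpcap magic numbers mapped to the struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}

def split_pcap(infile, out_prefix, packets_per_file):
    """Stream infile into chunks of packets_per_file packets each.
    Returns a list of (output_path, packet_count) tuples."""
    if packets_per_file < 1:
        raise ValueError("packets_per_file must be >= 1")
    chunks, out, path, count = [], None, None, 0
    with open(infile, "rb") as src:
        global_hdr = src.read(24)
        if len(global_hdr) < 24 or global_hdr[:4] not in PCAP_MAGICS:
            raise ValueError("not a classic libpcap file")
        endian = PCAP_MAGICS[global_hdr[:4]]
        snaplen = struct.unpack(endian + "I", global_hdr[16:20])[0]
        try:
            while True:
                rec_hdr = src.read(16)
                if len(rec_hdr) < 16:
                    break  # end of file, or a truncated trailing header
                # Record header fields: ts_sec, ts_frac, incl_len, orig_len
                incl_len = struct.unpack(endian + "IIII", rec_hdr)[2]
                if incl_len > max(snaplen, 65535):
                    raise ValueError("implausible record length %d" % incl_len)
                data = src.read(incl_len)
                if len(data) < incl_len:
                    break  # capture was cut off mid-packet; drop the fragment
                if out is None:
                    path = "%s_%05d.pcap" % (out_prefix, len(chunks))
                    out = open(path, "wb")
                    out.write(global_hdr)  # every chunk needs its own file header
                out.write(rec_hdr + data)
                count += 1
                if count == packets_per_file:
                    out.close()
                    chunks.append((path, count))
                    out, count = None, 0
        finally:
            if out is not None:
                out.close()
                chunks.append((path, count))
    return chunks
```

Calling `split_pcap("infile", "part", 300000)` writes `part_00000.pcap`, `part_00001.pcap` and so on, each readable on its own because the file header is copied into every chunk.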