[Dshield] Splitting a large PCAP

Pete Cap peteoutside at yahoo.com
Fri Oct 28 16:23:56 GMT 2005


All,

I have been collecting full packets with a snort
sensor at a remote site.  After the first day we
realized that we had not set up snort to start a new
file every so often--this was quickly fixed, but now
we have a 27 GIG file to process.

Any ideas on how I can split this?  Splitcap won't
compile; and I don't think I can just run it through
snort again, seeing as it's already captured!

Thanks in advance,

Pete


	
		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com


More information about the list mailing list