[Dshield] Splitting a large PCAP

Pete Cap peteoutside at yahoo.com
Fri Oct 28 16:23:56 GMT 2005


I have been collecting full packets with a snort
sensor at a remote site.  After the first day we
realized that we had not set up snort to start a new
file every so often--this was quickly fixed, but now
we have a 27 GIG file to process.

Any ideas on how I can split this?  Splitcap won't
compile; and I don't think I can just run it through
snort again, seeing as it's already captured!

Thanks in advance,


Yahoo! Mail - PC Magazine Editors' Choice 2005 

More information about the list mailing list