[Dshield] Splitting a large PCAP
peteoutside at yahoo.com
Fri Oct 28 16:23:56 GMT 2005
I have been collecting full packets with a snort
sensor at a remote site. After the first day we
realized that we had not set up snort to start a new
file every so often--this was quickly fixed, but now
we have a 27 GIG file to process.
Any ideas on how I can split this? Splitcap won't
compile; and I don't think I can just run it through
snort again, seeing as it's already captured!
Thanks in advance,
Yahoo! Mail - PC Magazine Editors' Choice 2005
More information about the list