Split pcap to multiple files based on number of packets

2019-06-03 1 min read bash Learning Linux
Here is a script that can use tshark to split a large pcap to multiple small pcaps inpcap="test.pcap" max=$(tshark -r $inpcap -n -T fields -e frame.number|tail -1) # This is the number of packets in each split pcap c=1 # Save all new pcaps to out, if it does not exist, create it. [[ ! -d out ]] && mkdir out for i in $(seq 1 $max $c) do tshark -r $inpcap -n -c $c " Continue reading