On 2014-08-13, Kevin Chadwick <[email protected]> wrote:
> previously on this list Kevin Chadwick contributed:
>
>> [ -C file_size ]
>> [ -W filecount ]
>>
>> tcpdump.org's tcpdump has the above options so that you can constantly
>> log and yet open a file of a certain time quickly with wireshark.
>>
>> I am trying to come up with some magic for doing similar with the more
>> secure and in base tcpdump without porting the C so if anyone already
>> does this then please let me know?
>>
>> Thanks, Kc
>
> I think split should work. I love Unix
>
> #!/bin/sh
> until /bin/dd if=/dev/zero | split -b 1k
> do
>     /bin/dd if=/dev/zero | split -b 1k
> done
>
There are headers to deal with. You might get somewhere with tcpslice or pcapmerge; if neither of these does what you want, pcapmerge is written in Perl and shouldn't be too difficult to modify or use as a base for something else.
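
The "headers to deal with" point, as an added example that is not part of the original thread: a byte-wise split(1) leaves every piece after the first without the 24-byte pcap file header and can cut a packet record in half, so the pieces will not open. This Python sketch splits on record boundaries and repeats the file header in each chunk, keeping a ring of the newest chunks in the spirit of the -C / -W options quoted above. It assumes the classic pcap format (not pcapng); split_pcap and make_sample are hypothetical names, and the sample capture is constructed.

```python
import struct

GLOBAL_HDR_LEN = 24   # pcap file header, must start every output file
RECORD_HDR_LEN = 16   # per-packet header: ts_sec, ts_frac, incl_len, orig_len
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def split_pcap(data, max_bytes, max_files):
    """Split classic pcap bytes into a ring of at most max_files chunks.

    Each chunk begins with the original file header and is cut only between
    packet records. Once max_files chunks exist, the oldest is dropped.
    """
    if max_files < 1 or max_bytes <= GLOBAL_HDR_LEN:
        raise ValueError("max_files must be >= 1 and max_bytes > 24")
    if len(data) < GLOBAL_HDR_LEN or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[data[:4]]
    header = data[:GLOBAL_HDR_LEN]
    chunks, current, pos = [], bytearray(header), GLOBAL_HDR_LEN
    while pos + RECORD_HDR_LEN <= len(data):
        incl_len = struct.unpack_from(endian + "I", data, pos + 8)[0]
        end = pos + RECORD_HDR_LEN + incl_len
        if end > len(data):
            break  # final record is truncated (file still being written)
        record = data[pos:end]
        # Rotate before the record that would push this chunk past the limit,
        # but never emit a chunk that holds only the header.
        if len(current) > GLOBAL_HDR_LEN and len(current) + len(record) > max_bytes:
            chunks = (chunks + [bytes(current)])[-max_files:]
            current = bytearray(header)
        current += record
        pos = end
    if len(current) > GLOBAL_HDR_LEN:
        chunks.append(bytes(current))
    return chunks[-max_files:]

def make_sample(n_packets, payload_len=60):
    """Constructed sample: little-endian pcap, linktype 1, dummy payloads."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n_packets):
        out += struct.pack("<IIII", 1407900000 + i, 0, payload_len, payload_len)
        out += bytes([i % 256]) * payload_len
    return out

if __name__ == "__main__":
    for n, chunk in enumerate(split_pcap(make_sample(10), 200, 3)):
        print(n, len(chunk), "bytes")
```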

