Hi all,
This is my first post to the list so please be gentle :D
I have a pcap file including traffic in both directions from a bunch of
servers and clients. I'm aware I can create a cache file of such a pcap in
order to "split" it in multiple ways. Actually I have already done so.
The p
It would be easier to accomplish this using Wireshark. Simply open the
pcap, filter on one direction, save the displayed packets and repeat for
the other side.
On 05/25/2012 04:26 AM, Jaime Nebrera wrote:
> Hi all,
>
> This is my first post to the list so please be gentle :D
>
> I hav
Interesting, I didn't consider that.
Still, the pcaps are big, like 1 to 2 Gb. Might be a bit too much for WS
Any way to do so from command line so I can automate it?
Sent from Xperia™ S
Original Message
Subject: Re: [Tcpreplay-users] Split pcap in 2 directions
From: James B
Yep, you can use tshark instead of Wireshark...
On Fri, May 25, 2012 at 3:23 PM, Jaime Nebrera
wrote:
> Interesting I didn't consider that
>
> Still, the pcaps are big, like 1 to 2 Gb. Might be a bit too much for WS
>
> Any way to do so from command line so I can automate it?
>
> Enviado desde Xp
On Fri, May 25, 2012 at 8:23 AM, Jaime Nebrera
wrote:
> Still, the pcaps are big, like 1 to 2 Gb. Might be a bit too much for WS
>
> Any way to do so from command line so I can automate it?
>
tcpdump should work.
The format would be something like:
$ tcpdump -r -w src
$ tcpdump -r -
Actually I would prefer to somehow use the cache file already generated.
As the pcap files are from public repositories (for IPS testing) it would be
quite a job to gather all client and server IPs in order to split it this way,
especially since tcpprep already did the job.
Even more, I would lov
Hmmm that's a challenge then. To be fair, I'd usually use tcpdump
for this purpose.
Anyways, the only way I can think of right now given the existing
tcpreplay/tcpprep code to do what you want is this *ugly* hack:
Run:
tcpdump -i eth0 -s0 -w primary.pcap &
tcpdump -i eth1 -s0 -w secondary.pc