Zulakis Asked: 2013-01-11 05:18:51 +0800 CST2013-01-11 05:18:51 +0800 CST 2013-01-11 05:18:51 +0800 CST Filter tcpdump file AFTER capturing 772 I captured a really big tcpdump file which now always crashes my wireshark. It was captured with no filters and I need to apply some afterwards to make the file smaller. Is this somehow possible? wireshark 2 Answers Voted Best Answer Khaled 2013-01-11T05:23:39+08:002013-01-11T05:23:39+08:00 Yes, it is possible. You can use the following command: tcpdump -r your_input_file.pcap -w your_output_file.pcap "your_filter" Tcpdump will read the input file, apply the filter, and then write the output file. You need just to come up with the right filter. Jens Meier 2013-01-12T00:59:09+08:002013-01-12T00:59:09+08:00 Try netsniff-ng, it sequentially processes the pcap unlike Wireshark, which tries to load everything into RAM.
Yes, it is possible. You can use the following command:
Tcpdump will read the input file, apply the filter, and then write the output file. You need just to come up with the right filter.
Try netsniff-ng, it sequentially processes the pcap unlike Wireshark, which tries to load everything into RAM.