Quote:
|
Originally Posted by chesh
What's the easiest way to cut down my 770mb pcap file to 1mb?
chesh
|
Sample the first few thousand files with tcpdump:
$ tcpdump -r bigfile.dump -w smallfile.dump -c 2000
Repeat until the "-c" number gives you what you want.
Note: This will not work with tethereal, the "-c" behavior does not work when reading from a stored capture file.
-Josh