Using Splitcap to Help Analyze Your Wireshark Trace Files (by Tony Fortunato)

Local Search

LMT Authors

Chris Greer
(Packet Pioneer)
Denny K Miu
(Man'ority Report)
Joke Snelders
(Tools-Stories)
Paul W. Smith
(Live Long and Prosper)
Tim O'Neill
(The Oldcommguy™)
Tony Fortunato
(The Technology Firm)

By Technology

« Reassembling an Email with Clearsight and Mitec (by Tony Fortunato) | Main | Wireshark: Using Configuration Profiles (by Joke Snelders) »

January 06, 2012

Using Splitcap to Help Analyze Your Wireshark Trace Files (by Tony Fortunato)

I came across this really nifty little utility to help analyze your Wireshark tracefiles.

Splitpcap will use 1 trace file and create various trace files based on your criteria.

For example you can ask splitpcap to create a trace file for all the ip addresses and tcp/udp conversations, or create a trace file for every ip address, plus a ton more.

I especially like the -y L7 switch that will extract the application data or payload and save it in a text file. Just like Follow TCP or UDP Stream.

Enjoy

Continue reading other LoveMyTool posts by Tony Fortunato »

Posted in Protocol Analysis, Tony Fortunato | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00e008d95770883401675f2c99a1970b

Listed below are links to weblogs that reference Using Splitcap to Help Analyze Your Wireshark Trace Files (by Tony Fortunato):

LoveMyTool - Open Community for Network Management and Monitoring

Protocol Analysis, Data Recorder, CALEA, Lawful Intercept, Application Performance, User Experience, Industrial Ethernet, Data Loss Prevention, Deep Packet Inspection, NetFlow, SOX, HIPAA and PCI Compliance, Switching and Routing, Forensics, VoIP, IPTV ... etc.

Local Search

Recent Comments

LMT Authors

Top 10 Posts

Recent Posts

By Technology

January 06, 2012

Using Splitcap to Help Analyze Your Wireshark Trace Files (by Tony Fortunato)

TrackBack

Comments

LMT Advertisers

LMT Sponsors

News From LMT Sponsors