Filter tcpdump file AFTER capturing

wireshark tcpdump filter
11,838

Solution 1

Yes, it is possible. You can use the following command:

tcpdump -r your_input_file.pcap -w your_output_file.pcap "your_filter"

Tcpdump will read the input file, apply the filter, and then write the output file. You need just to come up with the right filter.

Solution 2

Try netsniff-ng, it sequentially processes the pcap unlike Wireshark, which tries to load everything into RAM.

Share:
11,838

Related videos on Youtube

Zulakis
Author by

Zulakis

Updated on September 18, 2022

Comments

  • Zulakis
    Zulakis over 1 year

    I captured a really big tcpdump file which now always crashes my wireshark. It was captured with no filters and I need to apply some afterwards to make the file smaller.

    Is this somehow possible?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

TCP Server sends [ACK] followed by [PSH,ACK]
Parsing large tcpdump files in python
Capture Filter with Wildcard in IP Address
frame contains "\x03\x00\x0e\xa8" display filter in wireshark displays packets not containing these bytes
Use Tshark to view json data
Parsing pcap taken from wireshark file using - Java
tcpdump read both ipv4 and ipv6 packets from pcap
Capture packets on Asus router
tcpdump - just packet data
tcpdump filter for given bytes on given position