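I want to split a pcap file with tcpdump.
I want to split it by extracting a fixed time period.
For example, to extract the packets from 1:00pm-1:30pm in Monday.pcap into 1.pcap, how should the command be written?
I checked the tcpdump manual, http://man.he.net/?topic=tcpdump&section=all , and couldn't find it.
Does anyone know?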
tcpdump probably can't do this directly, since its filtering is capture filtering. Here are a few methods you can try:
C:\Program Files\Wireshark>editcap.exe
Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]
<infile> and <outfile> must both be present.
A single packet or a range of packets can be selected.
Packet selection:
-r keep the selected packets; default is to delete them.
-A <start time> only output packets whose timestamp is after (or equal
to) the given time (format as YYYY-MM-DD hh:mm:ss[.nnnnnnnnn]).
-B <stop time> only output packets whose timestamp is before the
given time (format as YYYY-MM-DD hh:mm:ss[.nnnnnnnnn]).
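
Added example, not part of the original posts: a Python sketch of the same -A/-B time-window selection applied to a classic pcap file, keeping records with start <= timestamp < stop. The function names, the 2024-01-01 date and the use of UTC are assumptions of this example, and the sample capture is constructed.

```python
import struct
from datetime import datetime, timezone

# magic bytes -> (struct byte order, timestamp fraction units per second)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def slice_pcap(data, start, stop):
    """Return (pcap_bytes, kept) for records with start <= timestamp < stop."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian, units = PCAP_MAGICS[data[:4]]
    out, kept, off = bytearray(data[:24]), 0, 24   # copy the global header as-is
    while off + 16 <= len(data):
        sec, frac, caplen, _origlen = struct.unpack_from(endian + "IIII", data, off)
        end = off + 16 + caplen
        if end > len(data):
            break                                   # truncated last record: drop it
        if start <= sec + frac / units < stop:
            out += data[off:end]                    # record header + captured bytes
            kept += 1
        off = end
    return bytes(out), kept

def epoch(hour, minute, second=0):
    # Constructed date; treating the times as UTC is an assumption of this example
    return int(datetime(2024, 1, 1, hour, minute, second, tzinfo=timezone.utc).timestamp())

def build_sample():
    """Constructed little-endian pcap: five 4-byte dummy packets."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for h, m, s in [(12, 59, 59), (13, 0, 0), (13, 15, 0), (13, 30, 0), (13, 45, 0)]:
        data += struct.pack("<IIII", epoch(h, m, s), 0, 4, 4) + b"\x00" * 4
    return data

if __name__ == "__main__":
    sliced, kept = slice_pcap(build_sample(), epoch(13, 0), epoch(13, 30))
    print(f"kept {kept} packets, {len(sliced)} bytes")
```

For a real capture, read Monday.pcap as bytes, pass the window as epoch seconds, and write the returned bytes to 1.pcap.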