Splitting Capture File

Apr 9, 2011 at 10:31 AM
Edited Apr 9, 2011 at 10:32 AM

Hi Guys,

Is there any method to split the capture files programmatically?

 

Cheers!

techguy

Apr 12, 2011 at 10:34 AM

Also added to my question, is there anyway that capture file can be controlled like doing it in circular logging method? My concern is the limitation of file size of capture file.

Kindly share your experience on this scenario.

 

Cheers!

techguy

 

Coordinator
Apr 16, 2011 at 8:04 PM
Edited Apr 16, 2011 at 8:05 PM

Both are possible, techguy.

 

You can split capture files by reading them and dumping the packets to different files.

The circular file would be more complex since it's complicated to keep a file a legitimate pcap file like that. I suggest a simple approach: Use 2 files and write a certain amount of packets (by counting packets or packet sizes). When one file is too big, delete the other file and recreate it filling it with new packets.

 

I hope this helps.

 

Boaz.

Apr 19, 2011 at 8:48 AM

Hi Boaz,

Many thanks from your response and its totally complex to control the PCAP files in this scenario. Is it possible to save each packet directly to DB instead of PCAP files where in DB you don't have to worry of maintaining it while the application is running.

 

Cheers!

techguy

 

Coordinator
Apr 19, 2011 at 7:47 PM

Hi techguy,

 

You can save the packets to DB. You can just take the bytes of the packet and save it in a DB.

 

Boaz.