Andrej,
You could cat the big file and pipe it to dumpcap and tell dumpcap to
generate multiple small files:
cat big.cap | dumpcap -i- -w smaller.cap -b filesize:65536
(this will split up the big file into multiple smaller files of 64MB)
Hope this helps,
Cheers,
Sake
PS IIRC, the reason for the wireshark tools not being able to handle these
large files is due to limitations in the gzip libraries...
----- Original Message -----
From: "Andrej van der Zee" <andrejvanderzee@xxxxxxxxx>
To: <wireshark-users@xxxxxxxxxxxxx>
Sent: Tuesday, August 04, 2009 9:47 AM
Subject: [Wireshark-users] Value too large for defined data type
Hi,
I have a huge tcpdump file of 15GB that I want to break up in pieces
with editcap. But when I try to run editcap on the file, I get the
following errors:
editcap: Can't open huge.cap: Value too large for defined data type
Same goes for "tshark" and "capinfos".
Is there a way I can still use these tools?
Thank you,
Andrej
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
