Wireshark

  • Riverbed Technology
  • WinPcap
SHARKFEST '13 - Wireshark Developer and User Conference - June 16-19, 2013 - UC Berkeley
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] mutlpile traces in a single pcap file - how to split?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Mahesh Thiagarajan <mahesh.thiagarajan@xxxxxxxxxx>
Date: Fri, 25 Sep 2009 12:01:05 +0530

Hi,

I am analyzing a PCAP file that contains mac layer to phy layer (the mac and cap exist on different processors and communicate over ethernet)traces of multiple machines.
The frames of both machines look alike, in terms of ethernet source , destination address etc.

Question:

1. How  to now split the trace file into individual machine traces ?

Thanks,
Mahesh
  • Prev by Date: [Wireshark-users] Searching for a particular sequence in a packet
  • Next by Date: Re: [Wireshark-users] print number of packet based on filter in a file
  • Previous by thread: Re: [Wireshark-users] Searching for a particular sequence in a packet
  • Next by thread: Re: [Wireshark-users] OpenBSD enc0 capture from tcpdump failes to decode
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation