Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Editcap Syntax Help Please

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 21 Oct 2004 09:43:22 -0700
Keith A French wrote:
I am trying to use editcap to split up a large capture file into smaller chunks. The syntax I am trying is:- editcap c:\test\source.cap -r 1-5000 c:\test\dest.cap I am trying to send the first 5000 packets to the file dest.cap, but it does not work. Please can somone give me an example? 

	editcap -r c:\test\source.cap c:\test\source.cap 1-5000
Options, such as "-r", have to come before non-option arguments, such as the input and output file names and the list of packet numbers. The man page says: 

    SYNOPSYS
       editcap [ -F file format ] [ -T encapsulation type ] [ -r ] [ -v ]
       [ -s snaplen ] [ -t time adjustment ] [ -h ] infile outfile
       [ record# ... ]
so you first have the options, then you have the input file name, then you have the output file name, then you have the packet numbers.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube