Feb 27, 2014

[memo] How to cut a tcpdump file in Linux

# /usr/sbin/tcpslice -t my.tcp.dump
my.tcp.dump       114y02m27d10h20m28s861544u      114y02m27d10h20m37s097574u
# /usr/sbin/tcpslice -w sliced.my.tcp.dump 14y02m27d10h20m35s +10 my.tcp.dump

+10 means 10 seconds after the start time, so sliced.my.tcp.dump contains the packets captured from 14-02-27 10:20:35 to 10:20:45.
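
The same time-window cut done by hand, for hosts where tcpslice is not installed. This is an added example, not part of the original memo and not tcpslice's own code; the function names are hypothetical. It assumes a classic pcap file (not pcapng), UTC timestamps and an inclusive end of window, and it runs on a small constructed sample.

```python
import struct
from datetime import datetime, timezone

# Magic bytes as they appear on disk -> timestamp fraction divisor (usec / nsec).
LE_MAGICS = {b"\xd4\xc3\xb2\xa1": 1e6, b"\x4d\x3c\xb2\xa1": 1e9}
BE_MAGICS = {b"\xa1\xb2\xc3\xd4": 1e6, b"\xa1\xb2\x3c\x4d": 1e9}

def records(data):
    """Yield (timestamp, raw_record_bytes) for each packet in a classic pcap."""
    magic = data[:4]
    if magic in LE_MAGICS:
        endian, div = "<", LE_MAGICS[magic]
    elif magic in BE_MAGICS:
        endian, div = ">", BE_MAGICS[magic]
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    off = 24  # the global header is 24 bytes
    while off + 16 <= len(data):
        sec, frac, incl_len, _orig_len = struct.unpack_from(endian + "4I", data, off)
        end = off + 16 + incl_len
        if end > len(data):
            break  # capture was cut mid-packet; drop the partial record
        yield sec + frac / div, data[off:end]
        off = end

def slice_pcap(data, start, seconds):
    """Keep packets with start <= ts <= start + seconds (inclusive window assumed)."""
    kept = [rec for ts, rec in records(data) if start <= ts <= start + seconds]
    return data[:24] + b"".join(kept)  # reuse the original global header

def make_sample():
    """Constructed little-endian pcap: four 4-byte dummy packets on 2014-02-27 (UTC)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    base = int(datetime(2014, 2, 27, 10, 20, 0, tzinfo=timezone.utc).timestamp())
    pkts = [(28, 861544), (36, 0), (37, 97574), (46, 0)]  # (second, microsecond)
    body = b"".join(struct.pack("<4I", base + s, us, 4, 4) + b"\x00" * 4
                    for s, us in pkts)
    return hdr + body, base

if __name__ == "__main__":
    sample, base = make_sample()
    sliced = slice_pcap(sample, base + 35, 10)  # 10:20:35 plus 10 seconds
    print(len(list(records(sliced))), "packets kept")
```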