Packet Slicing Example
With the increase in bandwidth and the introduction of capture devices, trace files used for analysis have grown. It is common to download or capture 500 MB or 5 GB trace files. The issue starts when you try to open the trace file in Wireshark.
Before I get into this, I have mentioned in past articles to “know your tools” and determine at what file size Wireshark becomes ‘unusable’ on your system.
In this video I cover how I use editcap to packet slice and reduce the size of the trace file. When I have demonstrated packet slicing in the past, I had some pretty good questions sent to me by my readers.
One question was “Does packet slicing result in a faster trace file load time?” Unfortunately, it really depends on a bunch of variables, but generally speaking, yes.
The other question I address in this video is “How long does it take to packet slice a 500 MB trace file?” It depends on your computer system specifications, but pretty fast. Like seconds, not minutes.
Watch the video and get some ideas on how packet slicing can help your packet analysis.
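What packet slicing does to a trace file at the record level, as an added example that is not from the original article or the video: a Python sketch that cuts every packet in a classic pcap file to a snap length, the same effect as editcap's `-s <snaplen>` option. The function names and the zero-filled sample capture are constructed for illustration, and pcapng files are not handled.

```python
import struct

GLOBAL_HDR, RECORD_HDR = 24, 16  # classic pcap header sizes in bytes
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (us / ns)
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (us / ns)

def slice_pcap(data: bytes, snaplen: int) -> bytes:
    """Return a copy of a classic pcap byte string with each packet cut to snaplen bytes."""
    endian = MAGICS.get(data[:4])
    if endian is None or len(data) < GLOBAL_HDR:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    out = bytearray(data[:GLOBAL_HDR])
    (old_snap,) = struct.unpack_from(endian + "I", data, 16)
    struct.pack_into(endian + "I", out, 16, min(old_snap, snaplen))
    pos = GLOBAL_HDR
    while pos + RECORD_HDR <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack_from(endian + "4I", data, pos)
        payload = data[pos + RECORD_HDR: pos + RECORD_HDR + incl_len]
        if len(payload) < incl_len:
            break  # capture was cut off mid-packet: drop the incomplete record
        kept = payload[:snaplen]
        # incl_len shrinks to what is stored; orig_len keeps the on-the-wire size
        out += struct.pack(endian + "4I", ts_sec, ts_frac, len(kept), orig_len) + kept
        pos += RECORD_HDR + incl_len
    return bytes(out)

def record_lengths(data: bytes):
    """List (incl_len, orig_len) per packet; the same walk as above, read-only."""
    endian, pos, lengths = MAGICS[data[:4]], GLOBAL_HDR, []
    while pos + RECORD_HDR <= len(data):
        incl_len, orig_len = struct.unpack_from(endian + "2I", data, pos + 8)
        lengths.append((incl_len, orig_len))
        pos += RECORD_HDR + incl_len
    return lengths

def build_sample_pcap(sizes):
    """Constructed sample input: a little-endian Ethernet pcap of zero-filled packets."""
    buf = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, n in enumerate(sizes):
        buf += struct.pack("<4I", 1700000000 + i, 0, n, n) + bytes(n)
    return buf

if __name__ == "__main__":
    original = build_sample_pcap([60, 1514, 1514, 590])
    sliced = slice_pcap(original, 128)
    print(len(original), "->", len(sliced), "bytes")
    print(record_lengths(sliced))
```

Because the original length of each packet survives in the record header, Wireshark can still report the on-the-wire size of a sliced packet even though the bytes past the snap length are gone.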