On Dec 9, 2011, at 11:41 AM, Rick Jones wrote:
> I have some packet captures which were taken with a snaplen of 128 bytes, but
> I would like to convert that to one with a snaplen of say 66 bytes. The
> existing tcpdump/libpcap does not *seem* to do that - is there already a
> utility out there which can,
Wireshark's editcap can:
editcap -s {snaplen} {input file} {output file}
will copy all the packets from {input file} to {output file} and cut them short
at {snaplen}.
> or is this an "enhancement opportunity?"
Perhaps
tcpdump -s {snaplen} -r {input file} -w {output file}
should do that.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
