Opened 15 years ago
Last modified 15 years ago
#30 new enhancement
tracesplit should be able to split by tcp connection
| Reported by: | matt@… | Owned by: | perry |
|---|---|---|---|
| Priority: | minor | Milestone: | libtrace3 |
| Component: | tools | Version: | 3.0 |
| Keywords: | Cc: |
Description
I would like to be able to use the tracesplit utlity to split a large trace into a series of smaller traces where each smaller traces contains a single tcp connection.
I imagine in the case of incomplete connections they could simply be thrown away when using this option.
The UI might be something like
tracesplit pcap:bigtrace.pcap -t smalltrace
Note: See
TracTickets for help on using
tickets.
I'd just split by 5 tuple rather than by TCP connection. This would mean incomplete connections would end up in their own file.