“C:datasetsdataset.pcap” is the path to input file and “C:datasetsanondataset-split-.pcap” contains the path and the name template of the output files. The option -c 300000 defines the maximum amount of packets in a single output file. Since editcap lacks a GUI, we need to use Windows Command Prompt interface.įirst, we need to change directory to Wireshark’s installation directory where editcap is located, by default it is C:Program FilesWireshark: cd "C:Program FilesWireshark"Ī typical Windows command to split a file using editcap looks something like this: editcap -c 300000 "C:datasetsdataset.pcap" "C:datasetsanondataset-split-.pcap" To split up PCAP files we use Wireshark’s editcap feature. Since a typical network traffic dataset usually consists of PCAP/pcapng files that are several gigabytes in size, you will need to split the files in question into smaller, more digestible chunks. First of all, the maximum size of a file that TraceWrangler can open is 2 GB. TraceWrangler is very easy to use and has an intuitive GUI:
We use TraceWrangler for network data anonymization on OSI Layers 2 through 4. In order to not reveal your network infrastructure and/or other sensitive data, you must anonymize these files before sharing them with anyone outside of you organization.
Sometimes you may need to provide PCAP files to third-party organizations or perhaps, in our case, publish a network traffic dataset. Network traffic dataset PCAP anonymization
0 kommentar(er)
