Wireshark Trace file too large to open

While looking for an evasive SIP Gateway related problem I used wireshark to collect additional traffic. Unfortunatly once I had taken the wirshark capture file (which had grown to almost 2 GB) to my laptop for analyzing I found that it lacked sufficient memory to load this enormous capture file.

I found that wirshark shipped with tools that have the ability to split the capture to a manageable size. How does it work?

You can split the capture file as follows:-

1. From CMD Navigate to c:\Progran Files\Wireshark

2. Run the command: capinfos -c c:\xxxxx.pcap – Where xxxxx.pcap is your capture file

3.  This will give you the number of packets in the trace so can decide how to split the file. Only 290 packets in my screenshot 🙂

4. Run the command: editcap -c 400000 c:\xxxxx.pcap c:\splittrace.pcap – Where 400000 is the number of packets in each output split segment, and the source and destination files are mentioned next
5. You will now have as many files as required to complete the split, they will be called what you stated as the dest file above followed by -0000, -0001 etc

About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I develop an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies.. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.
This entry was posted in Quick Reference Guide, Troubleshooting, Wireshark. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s