Re: trimming bytes from already captured packets

[Guy Harris <guy () alum mit edu>]

On Dec 9, 2011, at 11:41 AM, Rick Jones wrote:

> I have some packet captures which were taken with a snaplen of 128 bytes, but I would like to convert that to one 
> with a snaplen of say 66 bytes.  The existing tcpdump/libpcap does not *seem* to do that - is there already a utility 
> out there which can,

Wireshark's editcap can:

        editcap -s {snaplen} {input file} {output file}

will copy all the packets from {input file} to {output file} and cut them short at {snaplen}.

> or is this an "enhancement opportunity?"

Perhaps

        tcpdump -s {snaplen} -r {input file} -w {output file}

should do that.-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.