How to: Split large packet captures with tcpdump

Problem:

Let's say that you have captured some traffic with tcpdump, Wireshark, etc. and the resulting file is much larger than you anticipated, so you can't analyze the capture until the original file is broken into much smaller segments.

Solution:

This is where tcpdump comes in handy. The following command reads your original large file and splits it into evenly sized segments of the size you choose.

tcpdump -r <path_to_large_pcap> -C <size_in_MB_that_you_want_the_file> -w <path_to_where_you_want_the_files_saved>

So, for instance, the following command will break up the file "network.pcap" into multiple 100MB files called "output1", "output2", and so on.

tcpdump -r ./network.pcap -C 100 -w ./output
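As an added example (not from the original post), the Python splitter below does what tcpdump's -C option does: it copies records into a new file once the current one has grown past the limit, never cuts a packet in half, gives every output file its own pcap global header, and follows tcpdump's naming (the -w name unchanged for the first file, then the name with 1, 2, ... appended). It assumes classic little-endian pcap input rather than pcapng, and the sample capture it builds is constructed dummy data, not real traffic.

```python
import struct
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4                  # little-endian, microsecond-resolution classic pcap
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
PKT_HDR = struct.Struct("<IIII")         # ts_sec, ts_usec, incl_len (bytes saved), orig_len
TCPDUMP_C_UNIT = 1_000_000               # tcpdump -C counts millions of bytes, not MiB

def chunk_name(prefix: Path, index: int) -> Path:
    """tcpdump naming: the -w name unchanged for the first file, then name1, name2, ..."""
    return prefix if index == 0 else prefix.with_name(f"{prefix.name}{index}")

def split_pcap(src: Path, dst_prefix: Path, max_bytes: int) -> list:
    """Split a classic pcap at record boundaries, like `tcpdump -r src -C n -w dst_prefix`."""
    data = src.read_bytes()
    ghdr = data[:GLOBAL_HDR.size]
    if GLOBAL_HDR.unpack(ghdr)[0] != PCAP_MAGIC:   # unpack itself fails on a too-short file
        raise ValueError("expected a little-endian classic pcap (pcapng is not handled here)")
    outputs, chunk, pos = [], bytearray(ghdr), GLOBAL_HDR.size
    while pos < len(data):
        incl_len = PKT_HDR.unpack_from(data, pos)[2]
        rec_end = pos + PKT_HDR.size + incl_len
        if rec_end > len(data):
            raise ValueError(f"truncated packet record at offset {pos}")
        # Like tcpdump, check the size *before* writing the next packet, so a file may
        # overshoot max_bytes by at most one record; a record is never split across files.
        if len(chunk) > max(max_bytes, GLOBAL_HDR.size):
            outputs.append(chunk_name(dst_prefix, len(outputs)))
            outputs[-1].write_bytes(chunk)
            chunk = bytearray(ghdr)      # every output file starts with its own global header
        chunk += data[pos:rec_end]
        pos = rec_end
    outputs.append(chunk_name(dst_prefix, len(outputs)))
    outputs[-1].write_bytes(chunk)
    return outputs

def count_packets(path: Path) -> int:
    """Walk a pcap's records; used to check that every output file is still parseable."""
    data, pos, n = path.read_bytes(), GLOBAL_HDR.size, 0
    while pos < len(data):
        pos += PKT_HDR.size + PKT_HDR.unpack_from(data, pos)[2]
        n += 1
    return n

def build_sample_pcap(path: Path, n_packets: int, payload_len: int) -> None:
    """Write a constructed pcap of n_packets dummy Ethernet records (test input, not real traffic)."""
    hdr = GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    recs = (PKT_HDR.pack(i, 0, payload_len, payload_len) + bytes([i % 256]) * payload_len
            for i in range(n_packets))
    path.write_bytes(hdr + b"".join(recs))
```

To mirror the post's command, call `split_pcap(Path("network.pcap"), Path("output"), 100 * TCPDUMP_C_UNIT)`; `count_packets` on each returned path confirms the pieces are still valid captures.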