I got .pcap files that need to be split into time intervals (eg: 1 sec). That means for example the first set of packets that arrived in first 1 second, then next set of packets arrived in the next 1 sec so on.. When I use the below python (3.7) code the files gets split. But the ‘time delta from previous displayed frame’ value is different in all the split files. It gets assigned to zero. The time delta of other packets are correct. Only the first packet of all the split files is different. I need the split files to have the same values as original file. How can I change my python code to split the .pcap files and to get the same values as the original file. Is there any other way than using editcap?
import os
startdir='.'
for root, dirs, files in os.walk(startdir):
for file in files:
if file.endswith('.pcap'):
filename=os.path.join(root,file)
cmd = 'editcap -i 1 "{}" "{}"'.format(filename,filename)
os.system(cmd)
You can use editcap and it does accept floating point values (e.g. 0.5):
More details here - https://www.wireshark.org/docs/man-pages/editcap.html