In some cases, it may be necessary to split large PCAP files into smaller pieces for use with Eye P.A., or to make them easier to move around.
This solution should work in macOS and most Linux distributions without any additional software.
Splitting PCAP Files with tcpdump
1. Open up the Terminal.
2. Navigate to the directory where your PCAP file is stored with the cd command.
3. Run tcpdump -r <input_pcap> -w <output_pcap> -C <file_size>, where input_pcap is the name of the fie you want to split, output_pcap is the output, and <file_size> is the approximate size of the split files in megabytes.
For example: tcpdump -r input_packet_capture.pcap -w output_packet_capture -C 25 will split the file into ~25mb chunks.
4. To make the files easier to open in Eye P.A., you might want to rename the output files to include .pcap or .wcap extensions.
5. You can now move the files to your Windows machine, Windows partition, or Windows VM for use with Eye P.A.
The output size that you choose depends on your application, but if you're trying to split up a very large file for use with Eye P.A., start with a 100mb file, which would be -C 100 in tcpdump.