ait.core.bin.ait_pcap_segment module

Segments one or more pcap files into multiple pcap files, according to a threshold number of bytes, packets, and/or seconds. New segment filenames are determined based on a strftime(3) format string and the timestamp of the first packet in the file.

When segmenting based on time (-s, –seconds), for file naming and interval calculation purposes ONLY, the timestamp of the first packet in the file is rounded down to nearest even multiple of the number of seconds. This yields nice round number timestamps for filenames. For example:

ait-pcap-segment -s 3600 %Y%m%dT%H%M%S.pcap foo.pcap bar.pcap

If the first packet written to a file has a time of 2017-11-23 19:28:58, the file will be named:

20171123T190000.pcap

And a new file will be started when a packet is written with a timestamp that exceeds 2017-11-23 19:59:59.

ait.core.bin.ait_pcap_segment.main()