The tcpsplit utility breaks a single libpcap packet trace into some number of sub-traces, breaking the trace along TCP connection boundaries so that a TCP connection doesn't end up split across two sub-traces. This is useful for making large trace files tractable for in-depth analysis and for subsetting a trace for developing analysis on only part of a trace.
The tool has been developed under FreeBSD, but also tested a bit under Linux and Solaris.
Download tcpsplit-0.1.tar.gz
Detached signature of tarball available
here.
A validation script is now available to ensure that the transform conducted by tcpsplit is not causing any loss of data. This script will be included with future releases.