The tcpsplit utility breaks a single libpcap packet trace into some number of sub-traces, splitting along TCP connection boundaries so that no TCP connection ends up divided across two sub-traces. This is useful for making large trace files tractable for in-depth analysis and for subsetting a trace so that analysis can be developed on only part of it.
The tool has been developed under FreeBSD and OSX, and has also been tested a bit under Linux and other Unix variants.
Download tcpsplit-0.2.tar.gz
Detached signature of tarball available here.
See the ChangeLog for details about new features and updates in the current version.
A validation script is included to ensure that the transform conducted by tcpsplit is not causing any loss of data.
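The connection-preserving split and the no-data-loss check described above can be illustrated with a short sketch. This is an added example, not tcpsplit's code or its bundled validation script; it assumes a classic microsecond pcap with Ethernet/IPv4 framing, and bucketing by CRC32 of the sorted endpoint pair is a choice made for this sketch. All function names are hypothetical.

```python
import struct
import zlib

def records(pcap):
    """Yield raw records (16-byte header + captured bytes) of a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[pcap[:4]]  # KeyError: not pcap
    off = 24
    while off < len(pcap):
        (incl,) = struct.unpack_from(end + "I", pcap, off + 8)
        if off + 16 + incl > len(pcap):
            raise ValueError("truncated record")
        yield pcap[off:off + 16 + incl]
        off += 16 + incl

def flow_key(frame):
    """Direction-independent connection key for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 4 or struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return None  # too short, or a non-first IP fragment with no TCP header
    ends = [frame[26:30] + frame[tcp:tcp + 2], frame[30:34] + frame[tcp + 2:tcp + 4]]
    return b"".join(sorted(ends))  # sorting makes A->B and B->A hash alike

def split(pcap, n):
    """Return n pcap byte strings; a connection's packets all land in the same one."""
    outs = [bytearray(pcap[:24]) for _ in range(n)]
    for rec in records(pcap):
        key = flow_key(rec[16:])
        outs[zlib.crc32(key) % n if key else 0] += rec  # non-TCP goes to bucket 0
    return [bytes(o) for o in outs]

def lossless(pcap, parts):
    """True when the sub-traces together hold exactly the original records."""
    return sorted(records(pcap)) == sorted(r for p in parts for r in records(p))

def sample_pcap():
    """Constructed input: two TCP connections, three packets each, both directions."""
    def frame(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 1024, 0, 0)
        return b"\x00" * 12 + b"\x08\x00" + ip + tcp
    a, b, c = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x03"
    frames = [frame(a, b, 40000, 80), frame(a, c, 40001, 443), frame(b, a, 80, 40000),
              frame(c, a, 443, 40001), frame(a, b, 40000, 80), frame(a, c, 40001, 443)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out
```

Calling `lossless(pcap, split(pcap, n))` compares the multiset of records before and after the split, so a dropped, duplicated or altered packet makes it return `False`.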