tcpsplit
Description:
Break a packet trace into some number of sub-traces
Type: Formula  |  Tracked Since: Dec 28, 2025
Links: Homepage  |  formulae.brew.sh
Category: Networking
Tags: networking pcap tcp packet-analysis forensics
Install: brew install tcpsplit
About:
tcpsplit is a command-line utility that partitions a single packet trace file into multiple smaller sub-traces based on connection boundaries. It separates TCP streams so that large network captures can be processed and analyzed in parallel. This makes it useful for improving performance in network forensic workflows and distributed analysis environments.
Key Features:
  • Splits large PCAP files by TCP connection flows
  • Preserves packet integrity and timing within sub-traces
  • Handles overlapping connections and packet reordering
  • Command-line interface for scripting and automation
Use Cases:
  • Parallelizing network traffic analysis across multiple processors
  • Isolating specific client-server conversations for detailed inspection
  • Reducing memory and processing overhead for large capture files
Alternatives:
  • editcap – Part of Wireshark suite; splits by packet count or time window, not by connection
  • tcpflow – Reconstructs TCP streams into separate files rather than creating trace subsets
Version History
Detected Version Rev Change Commit
Sep 12, 2025 4:21am 0 VERSION_BUMP 9a32a193