When working with packet trace files, the biggest challenge is how quickly these files get out of hand. One trick to make this manageable is to ‘slice’ your packets.

In most cases, you probably captured the full packet length, but often you do not need all that data. Since I am not examining the payload, I can packet slice, that is, save only the first 128 bytes of each packet.

Slicing the trace file makes the file much smaller, which allows other tools to process it much more quickly. 128 bytes will provide all the addressing and enough of the protocol for your initial investigation or to determine who is talking to whom.

By slicing, the trace file went from approximately 600 MB to 98 MB.
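To show what slicing does to the file itself, here is an added example (not from the original post) that slices a classic pcap stream to 128 bytes per packet, keeping each record's original length field so tools still report the true packet size. It assumes the classic pcap format (not pcapng); the function names and the sample capture are constructed for illustration.

```python
import io
import struct

# Classic pcap magic bytes -> struct byte-order prefix (usec and nsec variants).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}

def slice_pcap(src, dst, snaplen=128):
    """Copy pcap stream src to dst, keeping at most snaplen bytes per packet.
    Returns (packets, bytes_in, bytes_out)."""
    ghdr = src.read(24)
    if len(ghdr) != 24 or ghdr[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    e = PCAP_MAGICS[ghdr[:4]]
    (old_snap,) = struct.unpack(e + "I", ghdr[16:20])
    # Rewrite only the global snaplen field; everything else is copied as-is.
    new_snap = min(old_snap or snaplen, snaplen)
    dst.write(ghdr[:16] + struct.pack(e + "I", new_snap) + ghdr[20:])
    packets, bytes_in, bytes_out = 0, 24, 24
    while True:
        rhdr = src.read(16)
        if len(rhdr) < 16:
            break  # clean EOF, or a truncated trailing record header
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(e + "IIII", rhdr)
        data = src.read(incl_len)
        if len(data) < incl_len:
            break  # capture was cut off mid-packet; drop the partial record
        kept = data[:snaplen]
        # incl_len shrinks to what is stored; orig_len keeps the on-wire size.
        dst.write(struct.pack(e + "IIII", ts_sec, ts_frac, len(kept), orig_len))
        dst.write(kept)
        packets += 1
        bytes_in += 16 + incl_len
        bytes_out += 16 + len(kept)
    return packets, bytes_in, bytes_out

def build_sample_pcap(sizes=(60, 1514, 1514, 90)):
    """Constructed sample: Ethernet-linktype pcap with dummy frames."""
    out = io.BytesIO()
    out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
    for i, n in enumerate(sizes):
        out.write(struct.pack("<IIII", 1700000000 + i, 0, n, n))
        out.write(bytes([i]) * n)
    return out.getvalue()

if __name__ == "__main__":
    sliced = io.BytesIO()
    n, before, after = slice_pcap(io.BytesIO(build_sample_pcap()), sliced)
    print(f"{n} packets: {before} -> {after} bytes")
```

Packets already shorter than 128 bytes pass through unchanged, so the savings come entirely from large frames; anything that needs the payload (stream reassembly, content inspection) has to run against the unsliced original.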