Get a chunk of PCAP from a larger PCAP

One way of extracting pcap within a time constrain.

 

#editcap -A "2013-02-19 05:19:00" -B "2013-02-19 05:21:00" Input.pcap output.pcap

http://www.thesprawl.org/research/packet-filtering/

Second method

wireshark -r input.tcpdump -w output.tcpdump -R 'frame.time >=  "Aug 15, 1990 00:00:00" && frame.time <= "Aug 15, 1990 00:01:00"