I've got a huge pcap file (100GB) and I'm interested in a small number of packets which I know are numbers 5,000,000 to 5,000,020.
How can I use tcpdump to read a pcap file, filter out packets by packet number (or range), and then write them out to a new pcap file?
You can use a small program named trigcap. Trigcap is part of Xplico. The source code can also be downloaded from here: https://github.com/M0Rf30/xplico/tree/master/system/trigcap
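An added example, not part of the original answer and not trigcap's code: selecting packets by number from a classic pcap file comes down to walking the 16-byte record headers and counting, which the Python function below does, stopping as soon as the last wanted packet has been written. It assumes a seekable classic pcap file (not pcapng); `extract_range`, `build_sample`, `MAX_RECORD` and the file names in the comment are chosen here for illustration.

```python
import io
import struct

# First four bytes of a classic pcap file -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",  # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",  # nanosecond timestamps
}
MAX_RECORD = 64 * 1024 * 1024  # assumed sanity limit for a corrupt length field

def extract_range(src, dst, first, last):
    """Copy packets first..last (1-based, inclusive); return how many were written."""
    if first < 1 or last < first:
        raise ValueError("invalid packet range")
    global_hdr = src.read(24)
    if len(global_hdr) != 24 or global_hdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[global_hdr[:4]]
    dst.write(global_hdr)  # keep link type and snaplen for the output file
    number = written = 0
    while number < last:  # never reads past the last wanted packet
        rec_hdr = src.read(16)
        if len(rec_hdr) < 16:
            break  # end of file
        incl_len = struct.unpack(endian + "I", rec_hdr[8:12])[0]
        if incl_len > MAX_RECORD:
            raise ValueError("implausible record length at packet %d" % (number + 1))
        number += 1
        if number < first:
            src.seek(incl_len, io.SEEK_CUR)  # skip the payload without reading it
            continue
        data = src.read(incl_len)
        if len(data) < incl_len:
            break  # truncated final record
        dst.write(rec_hdr + data)
        written += 1
    return written

def build_sample(count):
    """Constructed capture for testing: packet i carries the 4-byte payload i."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(1, count + 1):
        out += struct.pack("<IIII", i, 0, 4, 4) + struct.pack("<I", i)
    return out

# On real files (hypothetical names):
# with open("huge.pcap", "rb") as s, open("subset.pcap", "wb") as d:
#     extract_range(s, d, 5_000_000, 5_000_020)
```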