Capturing traffic using tcpdump is a wonderful thing, especially when you can then watch all the captured traffic in a convenient view. But usually, in the course of monitoring the network, a huge volume of data accumulates, which at best has to be split into files of limited size (so that, say, Wireshark does not choke).

The question is: can you suggest the most convenient tool (preferably open source) that would then allow filtering over these pcap files? I.e., apply the filter directly to the array of files.

P.S. The goal is to ensure the detection of specific attacks. So the traffic needs to be run through some means of analyzing suspicious packets and detecting attacks.

    1 answer

    Snort can read pcap. Through the command line, you can filter ...
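To illustrate what "apply the filter directly to the file array" looks like in practice, here is an added example (my own code, not from the answerer or the Snort project). In day-to-day work the same thing is usually done by looping `tcpdump -r in.pcap -w out.pcap '<BPF expression>'` over the files, or by pointing Snort at the captures so its rules run over them; this script instead shows the mechanics with the standard library only: it parses classic pcap files (global header, per-record headers, Ethernet/IPv4/TCP/UDP fields), applies a predicate to every packet in every file, and writes the matches to one merged pcap. The sample capture files and the "SSH traffic to 10.0.0.9" filter are constructed here purely for the demonstration; the `demo()`, `filter_pcaps()` and `parse_packet()` names are my own.

```python
import glob
import os
import struct
import tempfile

PCAP_MAGIC_LE = 0xA1B2C3D4       # classic pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1


def read_pcap(path):
    """Yield (ts_sec, ts_usec, frame_bytes) for each record of a classic pcap file."""
    with open(path, "rb") as f:
        header = f.read(24)
        if len(header) < 24:
            raise ValueError(f"{path}: truncated global header")
        magic = struct.unpack("<I", header[:4])[0]
        if magic == PCAP_MAGIC_LE:
            endian = "<"
        elif magic == 0xD4C3B2A1:        # same magic written big-endian
            endian = ">"
        else:
            raise ValueError(f"{path}: not a classic pcap file (magic {magic:#x})")
        linktype = struct.unpack(endian + "I", header[20:24])[0]
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError(f"{path}: unsupported link type {linktype}")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break                      # clean end of file
            ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
            data = f.read(incl_len)
            if len(data) < incl_len:
                break                      # capture cut off mid-record: keep what we have
            yield ts_sec, ts_usec, data


def parse_packet(data):
    """Extract proto/src/dst/sport/dport from an Ethernet+IPv4 frame; None for anything else."""
    if len(data) < 14 or struct.unpack("!H", data[12:14])[0] != 0x0800:
        return None                        # not IPv4
    ip = data[14:]
    if len(ip) < 20:
        return None
    ihl = (ip[0] & 0x0F) * 4               # header length in bytes (options included)
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    l4 = ip[ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:  # TCP or UDP: ports are the first two fields
        sport, dport = struct.unpack("!HH", l4[:4])
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport}


def write_pcap(path, packets, first_ts=1700000000):
    """Write frames as a little-endian classic pcap file (constructed timestamps)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for i, pkt in enumerate(packets):
            f.write(struct.pack("<IIII", first_ts + i, 0, len(pkt), len(pkt)))
            f.write(pkt)


def filter_pcaps(paths, predicate, out_path):
    """Run predicate over every packet of every input file; write matches to one pcap; return count."""
    matched = 0
    with open(out_path, "wb") as out:
        out.write(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for path in sorted(paths):         # sorted so the merged file stays in capture order
            for ts_sec, ts_usec, data in read_pcap(path):
                fields = parse_packet(data)
                if fields is not None and predicate(fields):
                    out.write(struct.pack("<IIII", ts_sec, ts_usec, len(data), len(data)))
                    out.write(data)
                    matched += 1
    return matched


def build_packet(src, dst, proto, sport, dport):
    """Constructed minimal Ethernet/IPv4/(TCP|UDP) frame: headers only, checksums left zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, src_b, dst_b)
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
    return eth + ip + l4


def demo(workdir=None):
    """Build two constructed capture files, keep only TCP to port 22, return (matches, records written)."""
    workdir = workdir or tempfile.mkdtemp(prefix="pcap-filter-")
    write_pcap(os.path.join(workdir, "cap-000.pcap"), [
        build_packet("10.0.0.5", "10.0.0.9", 6, 40000, 22),
        build_packet("10.0.0.5", "10.0.0.9", 6, 40001, 80),
    ])
    write_pcap(os.path.join(workdir, "cap-001.pcap"), [
        build_packet("10.0.0.7", "10.0.0.9", 6, 40002, 22),
        build_packet("10.0.0.7", "10.0.0.9", 17, 5353, 53),
    ])
    paths = glob.glob(os.path.join(workdir, "cap-*.pcap"))
    out = os.path.join(workdir, "ssh-only.pcap")
    n = filter_pcaps(paths, lambda p: p["proto"] == 6 and p["dport"] == 22, out)
    return n, sum(1 for _ in read_pcap(out))


if __name__ == "__main__":
    print(demo())   # (2, 2): two SSH packets found across both files, two records written
```

The predicate is an ordinary Python callable, so the same loop can feed an IDS-style check (for example, flagging many connection attempts to one port from one source) instead of a simple port match; the point is that the filter runs once over the whole set of rotated files and produces a single, much smaller capture to hand to Wireshark or to a rule engine such as Snort.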