You know the score. You leave a wireshark trace running for an hour and it grows to a couple of GB. When you try and open the file it takes for ever to load and filter.
What do you do?
Well when the customer tells you the problem call happened between 13:00 and 13:30 you filter the trace to only show packets for that time of day
(frame.time >= “feb 20, 2020 14:56:00”) && (frame.time <= “feb 20, 2020 15:10:01.009638000”)
Then what i do, to make the file size smaller and more manageable, is export those packets only to a new file
Now wireshark is alot snapper and there is alot less hay for you to find that needle.