Wireshark mailing list archives

Re: Tool to compare dumps from two hosts and highlight inconsistencies

From: Sake Blok <sake () euronet nl>
Date: Fri, 19 Mar 2010 21:53:49 +0100

On 19 mrt 2010, at 20:21, Jeff Morriss wrote:

Kamens, Jonathan wrote:

In a nutshell, I want to capture TCP packets on two hosts and then run 
the two packet captures through a tool which analyzes both sides of the 
connection and highlights anomalies.  The one I'm most interested in is 
packets that were sent by one side and never received by the other.

Does anything like this exist?


I think pcapdiff is supposed to do that:

http://www.eff.org/testyourisp/pcapdiff/


And wireshark (a recent development version) is also capable of comparing tracefiles. See the following bugs:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2589
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3724

Cheers,


Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Tool to compare dumps from two hosts and highlight inconsistencies Kamens, Jonathan (Mar 19)
- Re: Tool to compare dumps from two hosts and highlight inconsistencies Jeff Morriss (Mar 19)
  - Re: Tool to compare dumps from two hosts and highlight inconsistencies Guy Harris (Mar 19)
    - Re: Tool to compare dumps from two hosts and highlight inconsistencies Jeff Morriss (Mar 19)
  - Re: Tool to compare dumps from two hosts and highlight inconsistencies Sake Blok (Mar 19)