Wireshark-dev: Re: [Wireshark-dev] compare two capture files and io graph

From: michele <michele@xxxxxxxxx>
Date: Sun, 01 Feb 2009 11:59:26 +0100

michele wrote:

I need to compare two different capture files, looking for similarities
in both of them. Using a modified version of IO Graph and a new field
which counts the cumulative frames length, I'm plotting a cumulative
graph of bytes over time. Now I want to (graphically) compare two
different dumps; this means having two normalized curves [1] plotted in
the same graph area.

Do you have any implementation suggestion?

I try to respond to myself.

The capture A contains the packets exchanged during the access to three different web sites, say 1, 2 and 3. The capture B contains the packets exchanged during the access of the web site 1.

(The modified version of file.c I'm using, performs a cumulative count of frame length, separating the three different site downloads using a delta value for the relative time field.)

The graphic comparison can be done in the following way:

- merge captures A and B
- (normalize the time of the two captures)

- try to find a match between A and B moving the horizontal scroll bar of IOGraph window (a second new horizontal scroll bar must be added).

Is this reasonable for you?