Wireshark-bugs: [Wireshark-bugs] [Bug 2516] New: Compare two capture files

Date: Fri, 2 May 2008 00:27:02 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2516

           Summary: Compare two capture files
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: vcondole@xxxxxx


Build Information:
wireshark 1.0.99 (SVN Rev 25206)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.5, with GLib 2.14.6, with libpcap 0.9.7, with libz
1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without
ADNS, without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos,
without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.24.5-85.fc8PAE, with libpcap version 0.9.7.

Built using gcc 4.1.2 20070925 (Red Hat 4.1.2-33).

--
The goal is to detect foreign intrusion, so the capture files are produced on
both sides of the communication and then compared.

The two capture files are checked for missing packets, for packets that got a
different checksum (only the IP header yet), and for delays that are too big
(variance set to 5%).

The packets are compared regarding their IP ID.
The info column contains new numbering so the "same" packets are parallel.
The color filtering differentiates the two files from each other and creates a
"zebra" effect. We assume that the files were captured with at least one
router in between, so the MACs are different.
After you click on the shown packet in the error window, it gets selected in
the background.

To start, select Statistics -> Compare...
I stored the file in the gtk folder of the project.
I also did some fuzzy testing: ./editcap -E 0.05
/root/Desktop/hei_test_capture_v2 /root/Desktop/fuzzyfile.pcap, which looked
good so far.
A test capture is attached.

We hope this feature is useful to Wireshark.

Regards
Vincenzo Condoleo
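As an added illustration of the comparison described in the report (this is example code, not the Wireshark patch itself): two sides of a capture are matched by IP ID and checked for missing packets, differing IP header checksums, and one-way delays outside a tolerance. The report does not define its 5% variance rule exactly, so this example assumes it means a relative deviation from the median delay; the packet records are constructed sample data.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Pkt:
    ip_id: int     # IP identification field, used as the matching key
    ts: float      # capture timestamp in seconds on this side
    ip_csum: int   # IP header checksum as observed on this side


def compare_captures(side_a, side_b, tolerance=0.05):
    """Return (ip_id, finding) tuples: side A in order, then extras on side B."""
    by_id_a = {p.ip_id: p for p in side_a}
    by_id_b = {p.ip_id: p for p in side_b}
    findings = []
    # Reference delay from packets seen on both sides (assumption: median).
    delays = [by_id_b[p.ip_id].ts - p.ts for p in side_a if p.ip_id in by_id_b]
    ref = median(delays) if delays else 0.0
    for a in side_a:
        b = by_id_b.get(a.ip_id)
        if b is None:
            findings.append((a.ip_id, "missing on side B"))
            continue
        if a.ip_csum != b.ip_csum:
            # The IP header was altered in transit (or by a middlebox).
            findings.append((a.ip_id, "IP header checksum differs"))
        delay = b.ts - a.ts
        if ref and abs(delay - ref) > tolerance * ref:
            findings.append((a.ip_id, f"delay {delay:.4f}s outside {tolerance:.0%} of {ref:.4f}s"))
    for b in side_b:
        if b.ip_id not in by_id_a:
            findings.append((b.ip_id, "missing on side A"))
    return findings


# Constructed sample captures: packet 2 arrives with a changed IP checksum,
# packet 3 never reaches side B, packet 4 is delayed, packet 5 appears only on B.
SIDE_A = [Pkt(1, 0.000, 0x1A2B), Pkt(2, 0.010, 0x1A2C), Pkt(3, 0.020, 0x1A2D), Pkt(4, 0.030, 0x1A2E)]
SIDE_B = [Pkt(1, 0.005, 0x1A2B), Pkt(2, 0.015, 0x9999), Pkt(4, 0.045, 0x1A2E), Pkt(5, 0.050, 0x1A2F)]

if __name__ == "__main__":
    for ip_id, finding in compare_captures(SIDE_A, SIDE_B):
        print(f"IP ID {ip_id}: {finding}")
```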

