[Sans] Pcap diff tool

Bastian Ballmann bastian.ballmann at inf.ethz.ch
Thu Jan 31 13:42:16 CET 2013


Hi all!

Recently we wanted to know the difference between two Wireshark sessions 
to two different destination IPs. Wireshark has got the ability to merge 
two pcap files and diff them if they are from the same connection, but 
there was no tool to diff pcap files in a more flexible way. I found one 
from EFF but the download link was broken and the project seemed to be 
inactive.

Therefore I wrote a little Python script using Scapy to do the diffing.
It can just print packets or produce a new pcap file and you can tell it 
which header it should ignore or which side / file.

The source code can be found here https://github.com/isginf/pcap-diff

Patches, ideas and / or feature requests are welcome. Hope you enjoy it!

Regards

Basti

-- 
ETH Zürich, Bastian Ballmann, IT Service Group
CAB E 44.1, Universitätsstrasse 6, CH-8092 Zürich
Tel +41 44 632 72 04
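
The kind of diff described in the post, as an added example that is not part of the original message and not the pcap-diff project's code: it reads classic pcap files with the Python standard library instead of Scapy, zeroes the headers named in `ignore`, and reports the frames found on only one side. The function names, the `ignore` values `"ether"` and `"ip"`, and the sample frames are assumptions made for this illustration.

```python
import struct
from collections import Counter

def sample_frame(dst_ip, payload):
    """Constructed test input: Ethernet II + IPv4 + UDP (checksums left at 0)."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes(dst_ip))
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
    return eth + ip + udp + payload

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Return the captured frames of a classic pcap in either byte order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    frames, pos = [], 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(order + "I", data, pos + 8)[0]
        if pos + 16 + incl_len > len(data):
            raise ValueError("truncated packet record")
        frames.append(data[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return frames

def masked(frame, ignore):
    """Zero the bytes of each ignored header so they cannot cause a difference."""
    buf = bytearray(frame)
    if "ip" in ignore and len(frame) >= 34 and frame[12:14] == b"\x08\x00":
        ihl = min((frame[14] & 0x0F) * 4, len(frame) - 14)  # IPv4 header length
        buf[14:14 + ihl] = bytes(ihl)
    if "ether" in ignore:
        buf[0:14] = bytes(14)
    return bytes(buf)

def pcap_diff(a, b, ignore=()):
    """Multiset difference: (frames only in a, frames only in b)."""
    ca = Counter(masked(f, ignore) for f in read_pcap(a))
    cb = Counter(masked(f, ignore) for f in read_pcap(b))
    return list((ca - cb).elements()), list((cb - ca).elements())
```

TCP and UDP checksums cover a pseudo-header that includes the IP addresses, so captures with real checksums still differ after masking `ip` unless the checksum fields are masked as well.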




