[Sans] Pcap diff tool

Steven Armstrong steven.armstrong at inf.ethz.ch
Thu Jan 31 15:04:54 CET 2013


Bastian Ballmann wrote on 01/31/2013 01:42 PM:
> Hi all!
>
> Recently we wanted to know the difference between two Wireshark sessions
> to two different destination IPs. Wireshark has got the ability to merge
> two pcap files and diff them if they are from the same connection, but
> there was no tool to diff pcap files in a more flexible way. I found one
> from EFF but the download link was broken and the project seemed to be
> inactive.
>
> Therefore I wrote a little Python script using Scapy to do the diffing.
> It can just print packets or produce a new pcap file and you can tell it
> which header it should ignore or which side / file.
>
> The source code can be found here https://github.com/isginf/pcap-diff
>
> Patches, ideas and / or feature requests are welcome. Hope you enjoy it!
> Regards

Woot, isginf on github!

Thanks, your tool will come in handy :-)

Cheers,
Steven
-- 
Steven Armstrong
Institute of Computational Science, ETH Zurich
IT Management & Support
Universitaetsstrasse 6, CAB/H/88
8092 Zurich, Switzerland
Phone: +41 44 632 25 24
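As an added illustration of the kind of diff the quoted tool performs (this is example code written for this page, not the pcap-diff project's own code and not Scapy-based): two captures are parsed down to Ethernet/IPv4/UDP fields, the fields named in `ignore` (the assumed "layer.field" naming such as `ip.dst` is this example's own convention) are stripped, and packets present in only one capture are returned. The sample captures, the `make_udp` frame builder and the `sample_captures` helper are constructed here; checksums are left at zero and the addresses are RFC 5737 documentation ranges.

```python
"""Dependency-free pcap diff: compare two classic pcap images while ignoring
chosen header fields, and emit the difference as a new pcap image."""
import socket
import struct
from typing import Dict, Iterable, List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1


def build_pcap(packets: Iterable[bytes]) -> bytes:
    """Serialize raw Ethernet frames into a little-endian pcap file image."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, pkt in enumerate(packets):
        # per-record header: ts_sec, ts_usec, captured length, original length
        out.append(struct.pack("<IIII", 1359640000 + i, 0, len(pkt), len(pkt)))
        out.append(pkt)
    return b"".join(out)


def read_pcap(data: bytes) -> List[bytes]:
    """Return the raw frames of a classic pcap image, accepting either byte order."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        order = "<"
    elif magic == 0xD4C3B2A1:          # same magic seen through a big-endian writer
        order = ">"
    else:
        raise ValueError("not a classic pcap file: magic %#x" % magic)
    frames, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(order + "IIII", data, off)
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return frames


def parse_packet(raw: bytes) -> Dict[str, object]:
    """Decode Ethernet/IPv4/UDP headers into a flat 'layer.field' map.
    Whatever is not decoded stays verbatim under 'payload'."""
    fields: Dict[str, object] = {}
    eth_dst, eth_src, eth_type = struct.unpack_from("!6s6sH", raw, 0)
    fields.update({"eth.dst": eth_dst.hex(), "eth.src": eth_src.hex(), "eth.type": eth_type})
    off = 14
    if eth_type != 0x0800:             # not IPv4: keep the rest opaque
        fields["payload"] = raw[off:]
        return fields
    ver_ihl, _tos, _tlen, ip_id, _frag, ttl, proto, csum, src, dst = \
        struct.unpack_from("!BBHHHBBH4s4s", raw, off)
    fields.update({"ip.id": ip_id, "ip.ttl": ttl, "ip.proto": proto, "ip.chksum": csum,
                   "ip.src": socket.inet_ntoa(src), "ip.dst": socket.inet_ntoa(dst)})
    off += (ver_ihl & 0x0F) * 4        # IHL is the header length in 32-bit words
    if proto == 17:
        sport, dport, _ulen, ucsum = struct.unpack_from("!HHHH", raw, off)
        fields.update({"udp.sport": sport, "udp.dport": dport, "udp.chksum": ucsum})
        off += 8
    fields["payload"] = raw[off:]
    return fields


def normalize(fields: Dict[str, object], ignore: Iterable[str]) -> Tuple:
    """Hashable comparison key with the ignored fields removed."""
    skip = set(ignore)
    return tuple(sorted((k, v) for k, v in fields.items() if k not in skip))


def pcap_diff(pcap_a: bytes, pcap_b: bytes,
              ignore: Iterable[str] = ()) -> Tuple[List[bytes], List[bytes]]:
    """Return (frames only in A, frames only in B). Packets are compared as a
    set of normalized keys; pass either list to build_pcap() to write the
    difference out as a new capture."""
    a, b = read_pcap(pcap_a), read_pcap(pcap_b)
    keys_a = [normalize(parse_packet(p), ignore) for p in a]
    keys_b = [normalize(parse_packet(p), ignore) for p in b]
    set_a, set_b = set(keys_a), set(keys_b)
    only_a = [p for p, k in zip(a, keys_a) if k not in set_b]
    only_b = [p for p, k in zip(b, keys_b) if k not in set_a]
    return only_a, only_b


def make_udp(src_ip: str, dst_ip: str, dport: int, payload: bytes,
             ip_id: int, ttl: int = 64) -> bytes:
    """Constructed Ethernet/IPv4/UDP frame; checksums deliberately left at 0."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), ip_id, 0, ttl, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def sample_captures() -> Tuple[bytes, bytes]:
    """Two constructed sessions to two different destination IPs; the third
    request differs in content, everything else only in volatile headers."""
    cap_a = build_pcap([make_udp("10.0.0.5", "192.0.2.10", 53, b"query1", 1),
                        make_udp("10.0.0.5", "192.0.2.10", 53, b"query2", 2),
                        make_udp("10.0.0.5", "192.0.2.10", 53, b"query3", 3)])
    cap_b = build_pcap([make_udp("10.0.0.5", "198.51.100.20", 53, b"query1", 900, ttl=60),
                        make_udp("10.0.0.5", "198.51.100.20", 53, b"query2", 901, ttl=60),
                        make_udp("10.0.0.5", "198.51.100.20", 53, b"query4", 902, ttl=60)])
    return cap_a, cap_b


if __name__ == "__main__":
    cap_a, cap_b = sample_captures()
    # Comparing every field: all frames differ, because the destination differs.
    print(len(pcap_diff(cap_a, cap_b)[0]), "frames only in A with nothing ignored")
    # Ignoring the headers that legitimately differ between the two sessions
    # leaves the one request that really changed.
    only_a, only_b = pcap_diff(cap_a, cap_b,
                               ignore={"ip.dst", "ip.id", "ip.ttl", "ip.chksum", "udp.chksum"})
    for p in only_a:
        print("only in A:", parse_packet(p)["payload"])
    for p in only_b:
        print("only in B:", parse_packet(p)["payload"])
    print(len(build_pcap(only_a)), "bytes of pcap holding the A-only frames")
```

Ignoring `ip.dst`, `ip.id` and `ip.ttl` is what makes two sessions to different hosts comparable at all; without that, every frame shows up as different. Extending `parse_packet` with a TCP branch follows the same pattern as the UDP one.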



