Thanks, Luis. This should work quite nicely.
Earl
On Wed, 2004-12-29 at 09:04, LEGO wrote:
> Perl's Net::Pcap and NetPacket can turn out much more useful for that purpose,
> supposing the Firewall does not modify the packets (which it might do).
>
> The attached script reads the packets, crops the Ethernet header and
> writes a hexdump, one packet per line.
> After that, you feed diff with both output files.
>
> It's not really a detailed application but I've used it for routers in the past.
>
> Luis
>
>
>
>
> On Wed, 29 Dec 2004 07:54:25 -0700, Earl Eiland <eee@xxxxxxx> wrote:
> > I have to compare two files, one being packets going onto a firewall,
> > and one packets leaving the firewall. I then need to create a new file
> > of packets dropped by said firewall.
> >
> > I presume this ability is not built into Ethereal. Where can I find
> > information on Ethereal's file structure, so I can build a parser?
> >
> > Earl Eiland
> >
> > _______________________________________________
> > Ethereal-users mailing list
> > Ethereal-users@xxxxxxxxxxxx
> > http://www.ethereal.com/mailman/listinfo/ethereal-users
> >
>
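The approach described in the quoted reply (read both captures, crop the Ethernet header, compare packet by packet), as an added Python example; it is not the attached Perl script and not part of the original thread. It assumes classic libpcap files (not pcapng) with Ethernet link type and a firewall that does not modify packets; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

ETH_HDR_LEN = 14  # destination MAC + source MAC + EtherType

def read_pcap(data):
    """Yield the captured bytes of each packet in a classic libpcap file."""
    # The 4-byte magic number tells us the byte order of every header field.
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic libpcap file")
    # Last field of the 24-byte global header is the link type (1 = Ethernet).
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each).
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        pkt = data[offset + 16:offset + 16 + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated packet record")
        yield pkt
        offset += 16 + incl_len

def payload_hex(data):
    """One hex string per packet, with the Ethernet header cropped."""
    return [pkt[ETH_HDR_LEN:].hex() for pkt in read_pcap(data)]

def dropped(before, after):
    """Packets seen entering but not leaving; duplicates are matched one-to-one."""
    remaining = Counter(payload_hex(after))
    missing = []
    for line in payload_hex(before):
        if remaining[line] > 0:
            remaining[line] -= 1
        else:
            missing.append(line)
    return missing

def make_pcap(frames):
    """Build a little-endian capture in memory (constructed sample data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: Ethernet headers differ on each side of the firewall,
# which is why they are cropped before comparing. Payloads are stand-in bytes.
IN_HDR, OUT_HDR = b"\x02" * 12 + b"\x08\x00", b"\x04" * 12 + b"\x08\x00"
BEFORE = make_pcap([IN_HDR + p for p in (b"pkt-A", b"pkt-B", b"pkt-C", b"pkt-A")])
AFTER = make_pcap([OUT_HDR + p for p in (b"pkt-A", b"pkt-C")])
```

If the firewall rewrites fields such as TTL or addresses, the byte-for-byte comparison will report forwarded packets as dropped, which is the caveat raised in the reply.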