Wireshark-bugs: [Wireshark-bugs] [Bug 2589] New: Compare two capture files
Date: Thu, 5 Jun 2008 00:09:10 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2589

           Summary: Compare two capture files
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: vcondole@xxxxxx

Condoleo <vcondole@xxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
Attachment #1855|                            |review_for_checkin?
           Flag|                            |

Created an attachment (id=1855)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=1855)
compare enhancement (including tshark) and view minor changes to other files

Build Information:

Linux:
Version 1.0.99 (SVN Rev 25424)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with libpcap 0.9.7, with libz
1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without
ADNS, without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos,
without PortAudio, without AirPcap.

NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.24.7-92.fc8PAE, with libpcap version 0.9.7.

Built using gcc 4.1.2 20070925 (Red Hat 4.1.2-33).

--

Windows:
Version 1.0.99-comparetool-010 (SVN Rev 25424)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.9, with GLib 2.16.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel (built Jun 4 2008), with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 8.0 build 50727

--

The goal is to detect foreign intrusion. The capture files are produced on
both sides of a communication (server/client) and then compared (max. two
files).

The two capture files are checked for missing packets, and if a found match
has a different checksum (only IP header yet) or the delay is too big
(variance can be set in seconds), the packet is considered faulty. It also
checks the order if both packets have the same predecessor. The packets are
compared regarding their IP-Id or TTL.

The Info column contains new numbering so the same packets are parallel. The
color filtering differentiates the two files from each other. A "zebra" effect
is created if the Info column is sorted.

For the MAC and TTL option we assume that the files were captured with at
least one router in between, so the MAC or TTL is different.

If you click on a packet in the error list, it gets selected in the main
window.

The start and stop numbers will try to find the same range of each file.
Start means count of matched packets in sequence. Stop means no match found
in sequence for n times. All values which are set to zero are deactivated.

To start, select statistics->compare... in Wireshark or -z compare,... for
tshark.

Compare_stat.c is stored in the gtk folder of the project.
Tap-comparestat.c is stored in the wireshark folder.

We also did some fuzzy testing:
  ./editcap -E 1.0 ...
  randpkt -c 50000 -t ip ...
  /tools/fuzz-test.sh
We used different test captures; one is attached.

For the TTL option we changed: epan/dissectors/packet-ip.c
To work on Windows we added in_cksum() to epan/libwireshark.def

We hope this feature is useful to Wireshark.

Regards
Vincenzo Condoleo

--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
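The matching and fault rules the report describes, as an added Python sketch that is not the attached patch's code: packets from the two captures are paired by IP-Id, and a pair is flagged when the IP header checksum differs, when the delay exceeds the variance, or when the partner sits out of order; an unpaired packet is reported as missing. The Pkt record and the two sample captures are constructed, and the order check is simplified to comparing the partner's position with that of the previous match rather than checking for the same predecessor.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class Pkt:                 # constructed, minimal stand-in for a captured frame
    num: int               # frame number inside its own capture file
    ip_id: int             # IP Identification field: the match key
    ip_cksum: int          # IP header checksum as captured
    ts: float              # capture timestamp in seconds

def compare_captures(a: List[Pkt], b: List[Pkt], variance: float = 0.5) -> List[Tuple]:
    """Pair every packet of capture a with one of capture b by IP-Id and return
    findings: missing partner, differing IP header checksum, delay above
    `variance` seconds, or partner out of order. variance=0 disables the
    delay check, mirroring the report's 'zero deactivates' convention."""
    pos_in_b = {}                                   # ip_id -> unmatched positions in b
    for i, p in enumerate(b):
        pos_in_b.setdefault(p.ip_id, []).append(i)
    findings = []
    last_pos = -1                                   # position in b of the latest match
    for p in a:
        cands = pos_in_b.get(p.ip_id)
        if not cands:
            findings.append(("missing", p.num))
            continue
        i = cands.pop(0)                            # consume the earliest unmatched partner
        q = b[i]
        if q.ip_cksum != p.ip_cksum:
            findings.append(("checksum", p.num, q.num))
        delay = abs(q.ts - p.ts)
        if variance and delay > variance:
            findings.append(("delay", p.num, q.num, round(delay, 3)))
        if i < last_pos:                            # partner precedes the previous match
            findings.append(("order", p.num, q.num))
        last_pos = max(last_pos, i)
    return findings

# Constructed sample: one flow seen at the client (CLIENT) and the server (SERVER).
CLIENT = [Pkt(1, 0x1001, 0xABCD, 0.000), Pkt(2, 0x1002, 0xABCE, 0.010),
          Pkt(3, 0x1003, 0xABCF, 0.020), Pkt(4, 0x1004, 0xABD0, 0.030)]
SERVER = [Pkt(1, 0x1001, 0xABCD, 0.004),           # clean match
          Pkt(2, 0x1003, 0xABCF, 0.025),           # arrives before 0x1002: order fault
          Pkt(3, 0x1002, 0x0000, 0.900)]           # checksum differs and 0.89 s late
                                                   # 0x1004 never reaches the server

def run_example() -> List[Tuple]:
    return compare_captures(CLIENT, SERVER, variance=0.5)

if __name__ == "__main__":
    for f in run_example():
        print(f)
```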