Hi,
Thanks for your email.
> Maybe you want to share with us why you want to do this. What is your
> goal? Checking network performance?
>
My company does performance analysis of web applications for its
clients. I am asked to analyze tcpdumps. For now, two immediate goals
with respect to packet matching on both sides of the conversation,
are:
* Find time differences between servers, possibly per second to detect
possible clock skews,
* De-duplicate packages on both ends of the connection. This can be
done with tools such as "editcap" of course, but becomes very tedious
and error-prone when working with multiple cap-files.
I will have to process multiple cap-files from all servers. I know the
IP numbers, but I can make no assumptions on how tcpdump is started
by our clients. From the cap-files, we want to visualize communication
between all IPs: which IP is talking to who, packet count,
protocols, number of bytes, etc. That, and more. If something like
this already exists, I would love to hear from you!
Best regards,
Andrej