Wireshark-users: Re: [Wireshark-users] Compare two wireshark

From: Manolis Katsidoniotis <manoska@xxxxxxxxx>
Date: Fri, 2 Jul 2010 10:16:26 +0300
...
if you are interested in specific packets
another alternative is to export them with Ctrl+H in raw format (SIP is text anyway) and compare with a text editor (say UltraEdit ...)
...
if you are interested in general statistics
you can run tshark -z against both files
...

On Fri, Jul 2, 2010 at 9:03 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
Hi,

Well, I guess you could mergecap chronologically the two files, then tshark the
result and see what that brings you, depending on where in the protocol you want
to spot the differences.

Thanks,
Jaap

On 07/02/2010 07:29 AM, Abhishek Gupta wrote:
> Can I achieve 3^rd  possibility using command line.?
>
> *From:* wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] *On Behalf Of *Jaap Keuter
> *Sent:* Thursday, July 01, 2010 7:13 PM
> *To:* Community support list for Wireshark
> *Subject:* Re: [Wireshark-users] Compare two wireshark
>
> Hi,
>
> Compare in what sense?
>
> Should there be a binary compare? (unlikely)
> Should there be a packet compare? (maybe, then you can load both files
> and try to delete duplicates)
> Should there be a SIP compare? (possible, then you could load both
> captures and use VoIP calls and show graph)
>
> Thanks,
> Jaap
>
> On Thu, 1 Jul 2010 17:18:03 +0530, Abhishek Gupta
> <abhishek@xxxxxxxxxxxx> wrote:
>
>     Hi,
>
>     I have two PCAP file, both have SIP packets. Now I want to camper
>     these pcap files.
>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe