How can I compare 2 capture files to expose the difference in packets?
I have 2 Wireshark pcap files I would like to compare for differences. I have a MacBook Pro which, after upgrading to the Catalina release, can no longer log in to my D-Link NAS, whereas I have a MacBook Air using a previous release that can log in to my NAS. I would like to see what the differences are in the 2 trace files of the login (failure and successful) to be able to forward to Apple for a fix. I am using a MacBook Pro with Wireshark installed. Thanks in advance for any assistance.
https://twitter.com/Wirefloss/status/... Have you looked at WireEdit?
I have looked at the feature set but don't see the compare feature and I don't need to edit the packets.
How are you with cut, sed and awk? Run them through tshark, munge as needed then compare both sets of results with "diff -b".
Just looked up the commands you mention and I can say I'm a "novelist" in using these commands to manipulate files. Can you refer me to a more detailed set of instructions on how to do this? Thanks
    $ tshark -r ./190719_BSD_Ftp.pcapng -T fields -e _ws.col.Info | head -10
    Standard query 0x5020 A wpad
    Standard query 0x5020 A wpad
    Name query NB WPAD<00>
    Name query NB WPAD<00>
    Who has 192.168.200.1? Tell 192.168.200.214
    60444 → 8009 [SYN] Seq=0 Win=17520 Len=0 MSS=1460 WS=256 SACK_PERM=1
    NOTIFY * HTTP/1.1
    NOTIFY * HTTP/1.1
    NOTIFY * HTTP/1.1
    NOTIFY * HTTP/1.1
    tshark: An error occurred while printing packets: Broken pipe.

You might start with just the Info column. The gotcha will be the ports and seq/ack numbers being different for each capture.
https://www.youtube.com/watch?v=PaUX5... SF19EU 07 - Solving (SharkFest) packet challenges using tshark alone (Sake Blok)
https://www.youtube.com/user/SharkFes...
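
The "run them through tshark, munge, then diff -b" approach from the thread, as an added example that is not code from any of the posters. The function names are hypothetical; the 49152 ephemeral-port threshold and the extra masking of TCP timestamps and DNS transaction IDs (beyond the ports and seq/ack numbers mentioned above) are assumptions.

```sh
#!/bin/sh
# Added example: make tshark Info-column dumps of two captures comparable.
# All function names here are hypothetical helpers, not Wireshark tools.

# Dump the Info column of one capture (tshark flags as used in the thread).
info_column() {
  tshark -r "$1" -T fields -e _ws.col.Info
}

# Mask values that differ between any two runs of the same exchange:
# ephemeral ports (assumed >= 49152, the IANA dynamic range), Seq/Ack and
# TCP timestamp values, and DNS transaction IDs.
normalize_info() {
  awk '{
    # "60444 → 8009 [SYN] ...": fields 1 and 3 are ports, field 2 the arrow
    if ($1 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/) {
      if ($1 + 0 >= 49152) $1 = "EPH"
      if ($3 + 0 >= 49152) $3 = "EPH"
    }
    n = split("Seq Ack TSval TSecr", key, " ")
    for (i = 1; i <= n; i++) gsub(key[i] "=[0-9]+", key[i] "=N")
    if ($0 ~ /^Standard query/) sub(/0x[0-9a-f]+/, "0xID")
    print
  }'
}

# Diff two Info listings (text files) after normalising both.
# Returns the status of diff: 0 = same, 1 = real differences remain.
diff_info() {
  a=$(mktemp) && b=$(mktemp) || return 2
  normalize_info < "$1" > "$a"
  normalize_info < "$2" > "$b"
  rc=0; diff -b "$a" "$b" || rc=$?
  rm -f "$a" "$b"
  return $rc
}

# Full pipeline: compare_captures working.pcapng failing.pcapng
compare_captures() {
  good=$(mktemp) && bad=$(mktemp) || return 2
  info_column "$1" > "$good"
  info_column "$2" > "$bad"
  rc=0; diff_info "$good" "$bad" || rc=$?
  rm -f "$good" "$bad"
  return $rc
}

if [ "$#" -eq 2 ]; then compare_captures "$1" "$2"; fi
```

Applying a display filter for the NAS address before dumping each capture keeps background traffic (the wpad and NOTIFY lines above) out of the diff.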