0

How doing the diff between two pcap file and store de results

asked 2019-12-30 09:21:47 +0000

salwa1215
1 ●3 ●11 ●9

I want to compare the difference between two pcap files and store the difference in another pcap file I used the command files and when I want to open the result file I had a problem with wireshark because its format is not undertood by this later. Here is my command:

diff -ua file1.pcap file2.pcap > file3.pcap

Any help please ?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

0

answered 2019-12-30 09:46:57 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

The result of applying diff to two binary pcap files does not, in general, result in a pcap file.

You'll need to use other tools, e.g. on the Wireshark Wiki Tools list pcap_diff that might help.

You might also consider dumping the pcaps to another format (e.g. text, json, pdml) to then use other diff tools appropriate for that format.

edit flag offensive delete link

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2019-12-30 09:21:47 +0000

Seen: 2,092 times

Last updated: Dec 30 '19

Related questions

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.

Powered by Askbot version 0.10.2