Ask Your Question
0

compare 2 captures in wireshark

asked 2017-12-06 23:58:23 +0000

bogemon gravatar image

hi guys can anybody tell me where to compare 2 file captures.

edit retag flag offensive close merge delete

Comments

I too need this answered. Trying to find the best way to see what traffic is being dropped between two L3 switches.

RickyRouter gravatar imageRickyRouter ( 2018-05-03 13:21:04 +0000 )edit

Large monitor and open both traces side-by-side?

Bob Jones gravatar imageBob Jones ( 2018-05-04 16:44:35 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2018-05-04 12:06:13 +0000

NJL gravatar image

updated 2018-05-04 12:19:10 +0000

You should look into the Syncro plugin by Tribelab.

Essentially you run two instances of Wireshark and when you move around in one instance in Packet Details, the scrollbar/packet marker in the other instance moves with it. This means you can easily correlate the two captures for faults, missing packets etc.

Please note that it requires you to install a DLL that essentially opens sockets on your own machine, which may or may not be allowed if you have strict security rules. E.g. I'm not able to do this on my company laptop which is a real pain.

https://community.tribelab.com/course...

It's very nice.

edit flag offensive delete link more
add a comment
0

answered 2018-05-03 15:48:56 +0000

Jaap gravatar image

Compare is a rather generic term. But what you can do is merge the two capture files and then look at it.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2017-12-06 23:58:23 +0000

Seen: 1,602 times

Last updated: May 04 '18

Related questions

cannot find "Compare two capture files"

how can I compare 2 capture files to expose the difference in packets?

How do I compare 2 PCAP files in Wireshark?