Compare 2 captures in Wireshark

asked 2017-12-06 23:58:23 +0000

Hi guys, can anybody tell me where to compare 2 file captures?

I too need this answered. Trying to find the best way to see what traffic is being dropped between two L3 switches.

RickyRouter ( 2018-05-03 13:21:04 +0000 )

Large monitor and open both traces side-by-side?

Bob Jones ( 2018-05-04 16:44:35 +0000 )

2 Answers

answered 2018-05-04 12:06:13 +0000

updated 2018-05-04 12:19:10 +0000

You should look into the Syncro plugin by Tribelab.

Essentially you run two instances of Wireshark and when you move around in one instance in Packet Details, the scrollbar/packet marker in the other instance moves with it. This means you can easily correlate the two captures for faults, missing packets etc.

Please note that it requires you to install a DLL that essentially opens sockets on your own machine, which may or may not be allowed if you have strict security rules. E.g. I'm not able to do this on my company laptop, which is a real pain.

It's very nice.

answered 2018-05-03 15:48:56 +0000

Compare is a rather generic term. But what you can do is merge the two capture files and then look at it.
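Added example, not part of either answer above: one way to compare two captures offline for the "what is being dropped between two L3 switches" case is to match packets on fields that survive a routed hop and list the ones that never show up downstream. It assumes classic pcap files (not pcapng), untagged Ethernet/IPv4, and no NAT or fragmentation between the two capture points; the function names and sample packets are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

def read_pcap(data):
    """Yield (timestamp, frame) from the bytes of a classic pcap file."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    off = 24  # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def hop_key(frame):
    """Identity that survives a routed hop: MACs, TTL and header checksum are ignored."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None  # only untagged Ethernet/IPv4 is handled
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    digest = hashlib.sha256(ip[ihl:total]).hexdigest()  # L4 header + payload
    return ip[12:20], ip[9], struct.unpack("!H", ip[4:6])[0], digest

def missing_downstream(upstream, downstream):
    """Return (timestamp, ip_id) for upstream packets with no match downstream."""
    seen = Counter(hop_key(f) for _, f in read_pcap(downstream))
    lost = []
    for ts, frame in read_pcap(upstream):
        key = hop_key(frame)
        if key is not None and seen[key] <= 0:
            lost.append((ts, key[2]))
        seen[key] -= 1  # consume one downstream match, so duplicates are counted
    return lost

# Constructed sample data: three packets upstream, ip_id 2 never arrives downstream.
def _frame(mac, ttl, ip_id, payload):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id, 0, ttl, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 1, 9]))
    return mac * 2 + b"\x08\x00" + ip + payload

def _pcap(frames):
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        blob += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return blob

UP = _pcap([_frame(b"\xaa" * 6, 64, n, b"data%d" % n) for n in (1, 2, 3)])
DOWN = _pcap([_frame(b"\xbb" * 6, 63, n, b"data%d" % n) for n in (1, 3)])
```

On real files, pass `open(path, "rb").read()` for each side; a pcapng capture has to be saved as classic pcap first.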


