Comparison of captured traffic

Hello, I'm facing a problem that I can't figure out.

My goal: Compare pcaps and measure the loss in capture.
Scenario: I've sent data (1,5 GB file) from laptop A via WiFi to a shared directory on laptop B. On laptop A I've run a Wireshark capture on the sending wlan adapter (in promiscuous mode). Between these laptops I have a sniffer (router with wlan in monitor mode) that captures the WiFi traffic in monitor mode = raw 802.11 frames. After the file transfer was done I stopped capturing on both devices. Now, what I want to do is to compare these two pcap files and measure the frame/packet/data loss = whether I captured all data with the sniffer and how many of them are missing. The problem is that the pcap from laptop A contains packets with TCP protocols and other.. but the pcap from the sniffer contains raw frames (no protocols). I captured the handshake and I know my WiFi password, so I'm able to decrypt some traffic to see packets and protocols like tcp.

So my question is, how can I compare/measure captured traffic (data transfer) from these two pcap files? Is it possible to follow sequence numbers and compare them?

The pcap file from laptop A has 1,7 GB and the file from the sniffer has 1,3 GB. So when the transferred file has 1,5 GB I assume that I did not capture all traffic, but I need to know how many frames/packets I missed.
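
The sequence-number comparison asked about above, as an added example that is not part of the original post: it merges the TCP payload byte ranges seen in each capture and reports the ranges present in the sender's capture but missing from the sniffer's. It assumes each input is a list of (tcp.seq, tcp.len) rows with absolute sequence numbers for one direction of one TCP stream shorter than 4 GiB, already exported from the two pcaps (the sniffer's after 802.11 decryption); the function names and sample rows are constructed for illustration.

```python
# Added example: function names and sample rows are constructed, not from the post.
MOD = 1 << 32  # TCP sequence numbers wrap at 2^32

def covered_ranges(segments, isn):
    """Merge (seq, length) rows into sorted, non-overlapping byte ranges.
    Offsets are taken relative to isn so a wrap past 2^32 is handled, and
    retransmitted segments collapse into the range they repeat."""
    spans = sorted(((seq - isn) % MOD, (seq - isn) % MOD + n)
                   for seq, n in segments if n > 0)
    merged = []
    for start, end in spans:
        if merged and start <= merged[-1][1]:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [tuple(r) for r in merged]

def missing_ranges(reference, observed):
    """Byte ranges covered by reference but absent from observed."""
    gaps, i = [], 0
    for start, end in reference:
        pos = start
        while i < len(observed) and observed[i][1] <= pos:
            i += 1
        j = i
        while j < len(observed) and observed[j][0] < end:
            if observed[j][0] > pos:
                gaps.append((pos, observed[j][0]))
            pos = max(pos, observed[j][1])
            j += 1
        if pos < end:
            gaps.append((pos, end))
    return gaps

def capture_loss(sender_rows, sniffer_rows):
    """Return (gaps, lost_bytes, total_bytes) for one TCP stream direction."""
    isn = sender_rows[0][0]  # assumption: first sender row has the lowest seq
    ref = covered_ranges(sender_rows, isn)
    gaps = missing_ranges(ref, covered_ranges(sniffer_rows, isn))
    return gaps, sum(e - s for s, e in gaps), sum(e - s for s, e in ref)

# Constructed sample rows (tcp.seq, tcp.len); the stream wraps past 2^32.
SENDER = [(4294966000, 1000), (4294967000, 1000), (704, 1000),
          (1704, 1000), (1704, 1000), (2704, 500)]  # one retransmission
SNIFFER = [(4294966000, 1000), (704, 1000), (2704, 500)]

if __name__ == "__main__":
    gaps, lost, total = capture_loss(SENDER, SNIFFER)
    print(f"missing ranges: {gaps}")
    print(f"lost {lost} of {total} payload bytes ({100 * lost / total:.1f}%)")
```

The result counts missing TCP payload bytes, not 802.11 frames, so link-layer retries and non-TCP traffic in the monitor-mode capture do not affect it.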