New to WireShark: How best to do 'complex filtering'?

Hello,

I have used WireShark for basic network sniffing and analysis but now I am being called upon to do some complex analysis of capture files and quite frankly - I don't know how or where to start. The sorts of analysis I need to do are of the following type:

  1. If a specific packet with some specific data comes through then the next packet must have some other data in it
  2. If a specific packet comes through then another packet must occur within a specific time frame

and keep a count of all instances where the first condition occurs and the second one doesn't, as well as where the first condition occurs and the second one does too. And then there's a zillion variants of this sort of conditional analysis between packets.

I think there should be a way to do it - I just don't know enough about WireShark to know what it is or where to start looking even. I know how to set up a filter for each condition, I just don't understand or know that you can link conditions with stored variables (like frame.number of first packet == frame.number of this packet + 1). I sure hope the answer isn't Lua but if it is - or even better if it isn't - pointers to where to start would be fantastic.

Thanks for any help!
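As an added example (not part of the original question or any answer on this page): one way to do cross-packet checks of both kinds is to export the relevant fields with `tshark -T fields` and run the pairing logic in a short Python script. The script below parses a constructed tab-separated sample in that format and counts, for each packet matching the first condition, whether the second condition holds for the very next packet, and separately whether it holds for any packet within a time window. The field list, the ping request/reply conditions and the 0.5 s window are assumptions chosen for illustration; swap in your own fields and conditions.

```python
import csv
from io import StringIO
from typing import Callable, Dict, List, Tuple

Packet = Dict[str, str]
Cond = Callable[[Packet], bool]                # condition on the first packet
PairCond = Callable[[Packet, Packet], bool]    # condition on (first, candidate) pair

# Assumed export command (adjust -e fields to your protocol):
#   tshark -r capture.pcap -T fields -E separator=/t \
#       -e frame.number -e frame.time_relative -e ip.src -e ip.dst -e _ws.col.Info
FIELDS = ["frame.number", "frame.time_relative", "ip.src", "ip.dst", "_ws.col.Info"]

# Constructed sample output in that format (not a real capture).
SAMPLE = "\n".join("\t".join(r) for r in [
    ("1", "0.000000", "10.0.0.5", "10.0.0.9", "Echo (ping) request"),
    ("2", "0.000210", "10.0.0.9", "10.0.0.5", "Echo (ping) reply"),
    ("3", "1.000000", "10.0.0.5", "10.0.0.9", "Echo (ping) request"),
    ("4", "1.300000", "10.0.0.5", "10.0.0.7", "Standard query A example.test"),
    ("5", "1.400000", "10.0.0.9", "10.0.0.5", "Echo (ping) reply"),
    ("6", "2.000000", "10.0.0.5", "10.0.0.9", "Echo (ping) request"),
    ("7", "3.000000", "10.0.0.5", "10.0.0.7", "Standard query A example.test"),
]) + "\n"

def parse_tshark_fields(text: str, names: List[str]) -> List[Packet]:
    """Turn tab-separated `tshark -T fields` lines into dicts keyed by field name."""
    return [dict(zip(names, row)) for row in csv.reader(StringIO(text), delimiter="\t") if row]

def is_request(p: Packet) -> bool:
    return "request" in p["_ws.col.Info"]

def is_matching_reply(first: Packet, cand: Packet) -> bool:
    # "some other data" relative to the first packet: a reply coming back from its destination
    return "reply" in cand["_ws.col.Info"] and cand["ip.src"] == first["ip.dst"]

def count_next_packet(pkts: List[Packet], a: Cond, b: PairCond) -> Tuple[int, int]:
    """Condition 1: returns (A followed immediately by B, A not followed by B)."""
    hits = misses = 0
    for i, p in enumerate(pkts):
        if a(p):
            ok = i + 1 < len(pkts) and b(p, pkts[i + 1])
            hits, misses = hits + ok, misses + (not ok)
    return hits, misses

def count_within_window(pkts: List[Packet], a: Cond, b: PairCond, window_s: float) -> Tuple[int, int]:
    """Condition 2: returns (A with a B within window_s seconds, A without one)."""
    hits = misses = 0
    for i, p in enumerate(pkts):
        if not a(p):
            continue
        t0 = float(p["frame.time_relative"])
        found = False
        for later in pkts[i + 1:]:
            if float(later["frame.time_relative"]) - t0 > window_s:
                break  # export is time-ordered, so nothing further can qualify
            if b(p, later):
                found = True
                break
        hits, misses = hits + found, misses + (not found)
    return hits, misses
```

Each counter returns (first condition met and second met, first met and second not met), which is exactly the pair of tallies asked for above; for a real capture, read the tshark output from a file instead of `SAMPLE`.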