How to diff two network dumps from tcpdump or Wireshark

diff()tcpdumpwireshark

I'm having a problem with one of our customers' embedded computers. They seem to discard some network packets which they should not. I can capture the TCP communication from a managed switch outside the box using Wireshark and I can probably also manage to capture all data from within using tcpdump. I could load both dumps into Wireshark and compare them myself. But is there an easier way to only see the differences between two such dump files?

Best Answer

I can't remember if I've used it or not, but I think TPCAT can do what you're after.

TPCAT screenshot

Related Solutions

Linux – How to Diff Two XML Files

One approach would be to first turn both XML files into Canonical XML, and compare the results using diff. For example, xmllint can be used to canonicalize XML.

$ xmllint --c14n one.xml > 1.xml
$ xmllint --c14n two.xml > 2.xml
$ diff 1.xml 2.xml

Or as a one-liner.

$ diff <(xmllint --c14n one.xml) <(xmllint --c14n two.xml)

Best Answer

Related Solutions

Linux – How to Diff Two XML Files

Related Question