Comparing two Wireshark capture files
20,291
You can use Wireshark to perform the capture, select the packets of each stream and export to text files (one per stream):
File -> Export -> as "Plain Text" file:
- Check "Selected packet only"
- Check "Packet summary line"
- Check "Packet details: All expanded"
Then perform the diff with regular text tools as gnu diff, WinMerge or gvimdiff.
Author by
pdk
Updated on July 09, 2022Comments
-
pdk 6 months
I want to use iperf to send some packets and receive the same at the client (which might have gone through different OSI layer processings). I want to check the packets sent are same as the received ones.
- Can I use Wireshark to capture the streams?
- Is there any way to compare them with the wireshark?
Or is there any other better way of doing this?
-
delimiter over 5 yearsComparing OUTSIDE of wireshark is what I'm after also. In v2.2.6 there is a subtle difference in that it can be done with File > Export Packet Dissections... Everything else is pretty much the same. -
kocica almost 5 yearsHi @mMontu, is it also possible to compare regular pcap file and pcap new generation file ? Or the data in new generation pcap are stored differently even if the packets are same ? Thanks. -
mMontu almost 5 years@FilipKočica I'm sorry but I don't have information about that. But you could try to compare small captures in both formats and possibly create a small script to convert captures on old format to the new format. Or try to load old captures in newer versions of wireshark, and then save it in the new format. -
pchaigno over 4 yearsI can't find the Compare window with a recent version of Wireshark (2.2.6). Was it removed?