0
I have two pcap files and I want to make the difference between them. And store the difference in another pcap file.
I tried diff command but it's not suitable with the binary files and I used also the pcap_diff tool but the result is inconsistent I mean pcap1 size - pcap2 size # diff pcap size.
Any help please?
salwa17
Posted 2020-01-24T12:18:51.257
Reputation: 1
It is not clear for me what this "diff" should contain. Packets from pcap 1 which are not in pcap 2? What exactly is a different packet - only payload or also timestamp, port, ... ? – Steffen Ullrich – 2020-01-24T17:05:43.620
Not only payload. All differences between both files. Diff should contains packets which are in pcap file 1 and not in pcap file 2 – salwa17 – 2020-02-13T14:59:39.577