1. Strip L2 and L3 headers if those options are specified.
2. Apply the operation and generate a list of packets.
3. Reencode the packets in a pcap using text2pcap.

- difference: Remove all packets that are present in one pcap from another.
- intersection: Find all packets that two pcaps have in common.
- union: Find all unique packets found in all provided pcaps.
- symmetric difference: Find all packets that are unique to each pcap.
- bounded (time intersection): Find the first and last frames in the frame intersection of all pcaps according to their timestamp. Use these two frames as upper and lower limits to return all frames in each pcap that are between these two frames. This can help to identify traffic that should be in both packet captures, but is in only one.
- inverse bounded (time intersection): Finds which packets are unique to each packet capture in a given time frame and saves each as a packet capture.

To avoid the need for recompiling Wireshark, you could consider implementing a Lua post-dissector that reformats the frame.time field however you like. Below is one such Lua post-dissector that you may find useful. To use it, you will need to save it in your Wireshark plugins directory or explicitly specify to use it on the tshark command line.