[ILUG] Compare TCP captures from both ends of a connection
Kenn Humborg
kenn at bluetree.ie
Fri Jul 3 14:04:31 IST 2009
> Kenn Humborg wrote:
> > I've got network packet captures from both ends of
> > a TCP connection and I'm try to figure out what's
> > happening during some intermittent packet-loss
> > episodes.
> >
> > Currently, I'm looking at both traces in two Wireshark
> > windows, but it's less than ideal.
> >
> > Does anyone know of a tool that would load up both
> > captures, synch them up (without having tight clock
> > sync at both ends) and tell me things like
> >
> > o This packet took N ms to get to the other side
> > o This packet was received N times
> > o This packet was received out of order
> > o This packet was lost
>
> Doesn't wireshark have a merge pcap file option in the GUI?
> It used to come with a mergecap util also I think.
> Also I remember using a tcpslice util, but that's
> years ago now.
There's a new option Statistics->Compare that seems to do
what I want. I'll still have to use editcap to time-adjust
one file , but it's better than nothing.
Later,
Kenn
More information about the ILUG
mailing list