Benjamin Scott writes:

> On Sat, Apr 3, 2010 at 5:19 PM, Kevin D. Clark

> > One thing that I've done to help me understand what is going on is to
> > rigorously go through each packet (sent and received) and verify that
> > what got sent is the same as what got received ...
> 
>   Wireshark's ability to break down packets from transport to
> application layers can be a great help here.  If using the text
> "tshark", use the "-V" switch.

Yes, and then you can use Perl to parse the output of "tshark -V" to
do some detailed analysis.

>   Is there anything like a "diff" utility for pcap captures?  Google
> finds mention of something called "tcpdiff", but it seems to be more
> aimed at the transport layer alone, and appears to be BSD (more
> correctly, "pf") only.

I'm still giving some thought to how I'd actually do this in general.

Regards,

--kevin
-- 
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E

 Wipe him down with gasoline 'til his arms are hard and mean
 From now on boys this iron boat's your home
 So heave away, boys.
   -- Tom Waits
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
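
Added example, not part of the original message: one way to do the sent-versus-received comparison discussed above by parsing "tshark -V" text, written in Python rather than the Perl mentioned in the thread. The two samples are constructed in the style of tshark's layer summary lines (an assumption, since the wording varies between Wireshark versions), and the function names are hypothetical.

```python
import re
from collections import Counter

IP_RE = re.compile(r"Internet Protocol Version 4, Src: ([\d.]+), Dst: ([\d.]+)")
TCP_RE = re.compile(r"Transmission Control Protocol, Src Port: (\d+), "
                    r"Dst Port: (\d+), Seq: (\d+).*Len: (\d+)")

# Constructed, heavily trimmed text in the style of "tshark -V" output
# (assumption: layer summary lines start in column 0, details are indented).
SENT = """\
Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 198.51.100.5
    Time to Live: 64
Transmission Control Protocol, Src Port: 40000, Dst Port: 80, Seq: 1, Ack: 1, Len: 12

Frame 2: 86 bytes on wire (688 bits), 86 bytes captured (688 bits)
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 198.51.100.5
Transmission Control Protocol, Src Port: 40000, Dst Port: 80, Seq: 13, Ack: 1, Len: 20
"""
# Receiver side (constructed): the TTL changed in transit, frame 2 has 8 bytes.
RECEIVED = """\
Frame 1: 78 bytes on wire (624 bits), 78 bytes captured (624 bits)
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 198.51.100.5
    Time to Live: 57
Transmission Control Protocol, Src Port: 40000, Dst Port: 80, Seq: 1, Ack: 1, Len: 12

Frame 2: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Internet Protocol Version 4, Src: 192.0.2.10, Dst: 198.51.100.5
Transmission Control Protocol, Src Port: 40000, Dst Port: 80, Seq: 13, Ack: 1, Len: 8
"""

def parse_frames(text):
    """Return one (src, sport, dst, dport, seq, len) key per TCP/IPv4 frame."""
    keys, ip = [], None
    for line in text.splitlines():
        if line.startswith("Frame "):        # a new frame resets the IP context
            ip = None
        elif m := IP_RE.match(line):
            ip = m.groups()
        elif (m := TCP_RE.match(line)) and ip:
            sport, dport, seq, length = map(int, m.groups())
            keys.append((ip[0], sport, ip[1], dport, seq, length))
    return keys

def diff_captures(sent_text, recv_text):
    """Return (sent but not received, received but not sent) as sorted lists."""
    # Seq is compared as printed: with tshark's default relative sequence
    # numbers, both captures must include the start of the connection.
    sent, recv = Counter(parse_frames(sent_text)), Counter(parse_frames(recv_text))
    return sorted((sent - recv).elements()), sorted((recv - sent).elements())
```

Fields that legitimately change in transit, such as the TTL, are left out of the comparison key so they do not show up as differences.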
