On Fri, Jun 22, 2001 at 01:50:19PM -0600, Tom Trenker wrote:
> I would like to use two ethereal sessions to compare some X11 packets
> before and after they have passed through a firewall. I think that if I
> could hack the print function to print the sequence number from the TCP
> header, and then a hex dump of the X11 data from the same packet, I could
> then use "diff" to show me what was changed.(I believe the firewall is
> dropping bits occasionally) If I use the current print function, the hex
> dump shows the whole packet, where there are legitimate changes due to
> network address translation, making a "diff" comparison rather useless.
>
> Any suggestions, or pointers?
tethereal -V -r outside.pcap | sed 's/.../.../g' >outside-decoded.pcap
tethereal -V -r inside.pcap | sed 's/.../.../g' >inside-decoded.pcap
diff -u outside.pcap inside.pcap
The sed (perl, awk, whatever) part is to compensate for TCP seqno changes,
IP-Address changes and maybe delete the first few lines with timestamp
and layer 2 header. You may want to keep the frame number.
Ciao
Jörg
--
Joerg Mayer <jmayer@xxxxxxxxx>
I found out that "pro" means "instead of" (as in proconsul). Now I know
what proactive means.