Diff two or more PCAP files
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
.gitignore initial commit Jan 25, 2013
LICENSE.txt converted to python3 May 30, 2018
README.rst Update README.rst Aug 10, 2018
pcap_diff.py fixes #8 May 30, 2018



Diff two or more pcap files and write a pcap file with different packets as result


Python 3.x Scapy (pip3 install scapy)

Example usages

Diff client.dump and server.dump but ignore different packets on client side

pcap_diff.py -i client.dump -i server.dump -o diff.pcap -l

Show all differences but ignore all mac addresses

pcap_diff.py -i client.dump -i server.dump -o diff.pcap -f m

Ignore all IP Ids, TCP sequence and acknowledgement number

pcap_diff.py -i client.dump -i server.dump -o diff.pcap -f ii -f sa

Ignore everthing below 802.11 layer

pcap_diff.py -i client.dump -i server.dump -o diff.pcap -L Dot11

Do a diff over all packet headers including timestamps, ttl and checksums

pcap_diff.py -i client.dump -i server.dump -o diff.pcap -c


Copyright 2013-2018 ETH Zurich, ISGINF, Bastian Ballmann E-Mail: bastian.ballmann@inf.ethz.ch Web: http://www.isg.inf.ethz.ch

This is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License. If not, see <http://www.gnu.org/licenses/>.