Skip to content

tracediff

Shane Alcock edited this page Aug 7, 2020 · 5 revisions

tracediff reports differences in packets between two trace files.

Usage

tracediff [ -m maxdiff ] firstURI secondURI

Options

-m maxdiff Stop processing after displaying maxdiff different packets
-w windowsize Look ahead by windowsize packets when searching for a possible match
-a uri Write packets that are in firstURI but not in secondURI to the output trace at uri
-b uri Write packets that are in secondURI but not in firstURI to the output trace at uri

Applications

Report the first 10 differences between an original ERF trace and the converted PCAP version:

    tracediff -m 10 erf:orig.erf.gz pcapfile:convert.pcap.gz

Generate a pcap of the first 10 packets in an original ERF trace that are NOT in the converted PCAP version:

    tracediff -m 10 -a pcap:output.pcap erf:/traces/orig.erf.gz pcapfile:/traces/convert.pcap.gz

Notes

  • The contents of the framing headers, e.g. PCAP or ERF encapsulation, are not compared.
  • This tool is primarily intended to verify the integrity of traces or test if two traces are the same. Running tracediff against two entirely different traces will create a LOT of output!
Clone this wiki locally