So when transfered file have 1,5 GB I assume that I did not captured all traffic, but I need to now how many frames/packets I missed. Pcap file from laptop A have 1,7 GB and file from sniffer have 1,3 GB. So my question is, how can I compare/measure caputred traffic (data transfer) from these two pcap files? Is it possible to folow sequence numbers and compare them? I captured handshake and I know my WiFi password so I'm able to decrypt some traffic to see packet and protocols like tcp. but the pcap from sniffer contains raw frames (no protocols).
Problem is, that pcap from laptop A contains packets with TCP protocols and other. Now, what I want to do is to compare these two pcap files a measure the frame/packet/data loss = If I captured all data with sniffer and how many of them are missing. It creates an extensive log of all network activities and interprets them into a user-friendly format that virtually anyone can interpret. While Wireshark looks at each packet, NetWitness categorizes and organizes traffic so that anomalous patterns become very apparent. After file transfer was done I stop capturing on both devices. NetWitness provides a high level overview of all the traffic in a PCAP file. Between these laptops I have a sniffer (router with wlan in monitor mode) that captures the WiFi traffic in monitor mode = raw 802.11 frames. On laptop A I've ran Wireshark capture on sending wlan adapter (in promiscuose mode). Scenario: I've sent data (1,5 GB file) from laptop A via WiFi to shared directory on laptop B. My goal: Compare pcaps and measure the loss in capture. I'm facing a problem that I can't figure out.
0 kommentar(er)
