Find and print differences between two traces
tracediff [ -m maxdiff ] firsturi seconduri
tracediff compares two trace files and prints the details of packets that differ to standard output. This is useful for finding packets that are present in one trace but not another or for finding conversion or snapping errors.
-m maxdiff
stop processing after displaying 'maxdiff' differences
tracediff -m 10 erf:/traces/orig.erf.gz pcapfile:/traces/convert.pcap.gz
Not exactly a bug, but the contents of the framing headers (i.e. the PCAP or ERF encapsulation) are not compared.
More details about tracediff (and libtrace) can be found at http://www.wand.net.nz/trac/libtrace/wiki/UserDocumentation
Shane Alcock <[email protected]>