hello, i have a lot of pcap files (tcpdump output) that i want to compare.
every tcpdump output has two file, server and client.
what i want to do is:
- take timestamp, source address, destination address, and packet id from each file (server and client)
- find the packets sent from server, that client received (appear on client's tcpdump output). packet from server that not received by client will be remove
- calculate the delay (client timestamp - server timestamp)
thanks in advance
ps: pardon my English
---edted---
the final output i'm thinking is something like:
server time stamp, client time stamp, delay, ip address, packet id