Hello all,
I've been tasked with testing a network appliance that my employer has developed. This particular device currently only needs to support UDP traffic; however, we will add TCP support in the future. The challenge is to confirm that the data being received through the device is identical to what was sent, meaning it hasn't been modified in any way. The main requirement is that the test device sending the traffic uses the full Windows or Linux stack. We've used a device called Ixia, but it doesn't traverse the full OSI stack when sending traffic. Only up to layer 3, I believe. We've also used tcpreplay to send pcap files, but again, I believe tcpreplay doesn't use the full stack. Even then, if we capture the received data via Wireshark or tcpdump, we really don't have a good way of comparing the sent pcap to the received pcap other than stare and compare.
What I'm ideally looking for is an app that will allow me to send traffic through the full stack, capture that traffic, capture the traffic on output of the device and perform a comparison.
In lieu of such an application, if I manually capture sent and received traffic as pcaps, is there a way to perform an analysis of the pcaps and flag packets that have been changed?
Thanks in advance,
-Jorden
Wirediff looks like a recent tool that might help you out:
https://blog.apnic.net/2020/07/01/wirediff-a-new-tool-to-diff-network-captures/
https://github.com/aaptel/qtwirediff
Thank you very much. That looks like it might work.
-Jorden
Please post back and let us know how you go.
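
Added example (not part of the original thread, and not Wirediff's code): a standard-library Python sketch of the manual pcap comparison asked about above, which hashes each UDP payload per flow and aligns the sent and received sequences so one dropped packet does not flag everything after it. It assumes classic microsecond pcap files with Ethernet framing, untagged IPv4, no fragmentation, and a device that leaves addresses and ports unchanged; the function names and the sample captures are constructed for illustration.

```python
import difflib, hashlib, socket, struct

def udp_payloads(pcap):
    """Map each UDP flow (src, dst, sport, dport) to its ordered payload hashes."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # only untagged IPv4 carrying UDP is compared
        udp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < udp + 8 or struct.unpack_from("!H", frame, 20)[0] & 0x3FFF:
            continue  # truncated header or IP fragment (assumption: none expected)
        sport, dport, ulen = struct.unpack_from("!HHH", frame, udp)
        key = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport)
        digest = hashlib.sha256(frame[udp + 8:udp + ulen]).hexdigest()
        flows.setdefault(key, []).append(digest)
    return flows

def diff_captures(sent_pcap, recv_pcap):
    """List (flow, label, sent_index_range, recv_index_range) for each mismatch."""
    sent, recv = udp_payloads(sent_pcap), udp_payloads(recv_pcap)
    labels = {"replace": "changed", "delete": "missing", "insert": "extra"}
    findings = []
    for flow in sorted(set(sent) | set(recv)):
        a, b = sent.get(flow, []), recv.get(flow, [])
        # Sequence alignment keeps one dropped packet from misaligning the rest.
        matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
        for tag, i1, i2, j1, j2 in matcher.get_opcodes():
            if tag != "equal":
                findings.append((flow, labels[tag], (i1, i2), (j1, j2)))
    return findings

def make_pcap(payloads, src="192.0.2.1", dst="192.0.2.2", sport=4000, dport=5000):
    """Build a constructed sample capture (checksums zero; they are not checked)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, p in enumerate(payloads):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(p), n, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        udp = struct.pack("!HHHH", sport, dport, 8 + len(p), 0)
        frame = bytes(12) + b"\x08\x00" + ip + udp + p
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample: "bravo" is dropped and "delta" is altered in transit.
SENT = make_pcap([b"alpha", b"bravo", b"charlie", b"delta"])
RECV = make_pcap([b"alpha", b"charlie", b"delTa"])
```

Index ranges are half-open packet positions within each flow, so `(1, 2)` means the second packet of that flow; MAC addresses, TTL and checksums are ignored on purpose because only the payload bytes are hashed.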