Hello, I have a lot of pcap files (tcpdump output) that I want to compare.
Every tcpdump output has two files, server and client.
server:
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.297068 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1045 167200
22:22:50.297086 IP 10.14.15.30.8000 > 192.168.1.4.10728: udp/rtp 160 c8 1046 167360
22:22:50.297100 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15129 167040
22:22:50.297116 IP 192.168.1.4.13384 > 10.14.15.28.8000: udp/rtp 160 c8 15130 167200
22:22:50.304720 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1042 208800
22:22:50.304742 IP 10.14.15.28.8000 > 192.168.1.4.13384: udp/rtp 160 c8 1043 208960
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
client:
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
22:22:50.503449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10495 166880
22:22:50.508760 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1048 167680
22:22:50.523450 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10496 167040
22:22:50.528808 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1049 167840
22:22:50.528826 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1050 168000
22:22:50.543451 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10497 167200
What I want to do is:
1. Take the timestamp, source address, destination address, and packet id from each file (server and client).
2. Find the packets sent from the server that the client received (that appear in the client's tcpdump output). Packets from the server that were not received by the client will be removed.
3. Calculate the delay (client timestamp - server timestamp).
Thanks in advance.
PS: pardon my English
---edited---
The final output I'm thinking of is something like:
server time stamp, client time stamp, delay, ip address, packet id
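
One way to carry out the three steps above on tcpdump text output, as an added example that is not part of the original post. It assumes the two capture hosts have synchronized clocks and that a packet is identified by source port, destination port, RTP sequence number and RTP timestamp; addresses are left out of the key because packet 10493 appears with different source addresses in the two sample captures. The function names are illustrative.

```python
import re

# tcpdump text line: time IP src.port > dst.port: udp/rtp len type seq rtp-timestamp
LINE = re.compile(
    r"^((\d+):(\d+):(\d+)\.(\d{6})) IP (\S+)\.(\d+) > (\S+)\.(\d+): "
    r"udp/rtp \d+ \S+ (\d+) (\d+)$"
)

def parse(text):
    """Index RTP lines by (src port, dst port, RTP seq, RTP timestamp)."""
    packets = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a udp/rtp line
        stamp, h, mi, s, us, src, sport, dst, dport, seq, rtp_ts = m.groups()
        micros = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        # Assumption: key omits addresses, which differ between the two captures.
        key = (sport, dport, int(seq), int(rtp_ts))
        packets.setdefault(key, (stamp, micros, src, dst))  # keep first sighting
    return packets

def match(server_text, client_text):
    """Rows of (server time, client time, delay in microseconds, addresses, packet id)."""
    client = parse(client_text)
    rows = []
    for key, (s_stamp, s_us, src, dst) in parse(server_text).items():
        if key not in client:
            continue  # never seen by the client: dropped (step 2)
        c_stamp, c_us = client[key][:2]
        rows.append((s_stamp, c_stamp, c_us - s_us, f"{src} > {dst}", key[2]))
    return rows

# Sample input: lines copied from the two captures in the post.
SERVER = """\
22:22:50.280335 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10492 166400
22:22:50.304750 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.304765 IP 192.168.1.4.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
"""
CLIENT = """\
22:22:50.473448 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10493 166560
22:22:50.483449 IP 10.14.15.29.10728 > 10.14.15.30.8000: udp/rtp 160 c8 10494 166720
22:22:50.488877 IP 10.14.15.30.8000 > 10.14.15.29.10728: udp/rtp 160 c8 1047 167520
"""

if __name__ == "__main__":
    print("server time stamp, client time stamp, delay, ip address, packet id")
    for s, c, d_us, addr, seq in match(SERVER, CLIENT):
        print(f"{s}, {c}, {d_us / 1e6:.6f}, {addr}, {seq}")
```

The timestamps tcpdump prints here carry no date, so a capture that crosses midnight needs the date added (for example with `tcpdump -tttt`) before the subtraction is valid.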