Bug#858867: diffoscope: please support pcap files

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Mar 28 12:52:49 UTC 2017


On Tue 2017-03-28 03:39:18 -0500, Chris Lamb wrote:
> tags 858867 + pending
> thanks
>
> Implemented in Git:
>
>   https://anonscm.debian.org/git/reproducible/diffoscope.git/commit/?id=c5d01341055d0aa0552d08725a6b8e44255b0374

woo, thanks!

in my testing before i saw this, i ended up using diff against the
output of "tshark -V -r xx.pcap" (from the tshark package), but i think
the tcpdump output you've got (with timestamps) is arguably more
thorough.

Knowing the right flags to pass for specific .pcap debugging might vary
depending on what kind of network trace differences the user is
interested in (e.g. in some cases, the network admin doesn't care about
wall-clock time, they just care about delay gaps, so it'd be nice to
have the initial wallclock in one place -- at the top of the dump -- and
then just offsets following; or the network admin might not care about
the payload, and just be interested in the IP or TCP or UDP flags), but
i think that kind of nuance might not something that diffoscope can
really account for, given its generic mandate.

Anyway, if somoene in the future tests and decides that tshark is
"better" for diffoscope's purposes than tcpdump, they now have a
specific place to patch.  thanks, Lamby!

         --dkg



More information about the Reproducible-builds mailing list