tracediff - find and print differences between two traces

tracediff [ -m maxdiff ] firsturi seconduri

tracediff compares two trace files and prints the details of packets that differ to standard output. This is useful for finding packets that are present in one trace but not another or for finding conversion or snapping errors.

stop processing after displaying 'maxdiff' differences

tracediff -m 10 erf:/traces/orig.erf.gz pcapfile:/traces/convert.pcap.gz

Not exactly a bug, but the contents of the framing headers (i.e. the PCAP or ERF encapsulation) are not compared.

More details about tracediff (and libtrace) can be found at

libtrace(3), tracemerge(1), tracefilter(1), traceconvert(1), tracestats(1), tracesummary(1), tracertstats(1), tracesplit(1), tracesplit_dir(1), tracereport(1), tracepktdump(1), traceanon(1), tracereplay(1), traceends(1), tracetopends(1)

Shane Alcock <>

January 2010 tracediff (libtrace)