Merging multiple logs and tracking packet route

Apr 22, 2014 at 10:39 PM

I'm using for my school project and currently I would like to merge multiple .pcap files into one to sort them chronologically. I would like to know what's the best option to achieve that. I'm thinking about copying all the packet data from the files into a single list and sorting them by the timestamp, but what happens if clocks in the log files aren't synchronised? What can I do to get the correct packet order in that kind of situation?

My second question is - how can I get information about the route my packet went through between its source and destination? How can I trace it in I would like to get IP addresses of every node.

Any help appreciated :)
Apr 25, 2014 at 10:18 AM
Hi pawelurb,

For merging pcap files, I suggest you look at
The clocks in the logs should be synchronized.
Otherwise you'll have to have some assumptions on how to merge them.

For getting the IPv4 address between source and destination it depends what you're doing.
If you control both source and destination, you can try to use an IPv4 trace route option, assuming it would be supported by the different nodes.
If you only control the source, you can just try to do traceroute, though it is also not guranteed to work.

I hope this helps,

Apr 27, 2014 at 5:52 PM
Thanks for the reply

Well, the main goal of the project is to create an application which will create a topology graph based on sniffed packets.
I have already prepared a packet sniffer and the next step is to get addresess of all the nodes between packets source and destination in order to add them to the topology graph.

I'm not sure what you mean by "controlling" the source/destination. I've found that in the library there is a class called IpV4OptionTraceRoute. Is that what you're talking about?
May 9, 2014 at 5:25 PM
Hi Pawel,

Yes, you can try using this IPv4 option.
However, it might not be supported by the different routers the packets travel in.
You need to set it when you send the packet and read the packet when it is received (that's what I meant by controlling source and destination).

Usually a trace route is done in a different way.