pcapdiff

EFF is no longer working on pcapdiff, but development continues with the tpcat project.

Pcapdiff is a tool developed by the EFF to compare two packet captures and identify potentially forged, dropped, or mangled packets. Two technically-inclined friends can set up packet captures (e.g. tcpdump or Wireshark) on their own computers and produce network traffic between their two computers over the Internet. Later, they can run pcapdiff on the two packet capture files to identify suspicious packets for further investigation. See Detecting packet injection: a guide to observing packet spoofing by ISPs and EFF's Test Your ISP Project for more background.

Pcapdiff 0.1 is written in Python, is run from the command line, and requires the pcapy Python library. It should run on any OS where those two things are available. This is an early release of the software; more features and bug fixes are expected in the future.
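The kind of two-sided comparison described above can be sketched as follows. This is an added example, not pcapdiff's own code or algorithm: the function names, the matching key (source, destination, protocol, IP ID) and the sample packets are assumptions made for illustration, and it assumes raw IPv4 packets with no NAT between the two hosts.

```python
import hashlib
import struct
from socket import inet_aton, inet_ntoa

def make_ipv4(src, dst, ip_id, payload, ttl=64, proto=6):
    """Build a constructed IPv4 packet (checksum left as 0) for the demo."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                         0, ttl, proto, 0, inet_aton(src), inet_aton(dst))
    return header + payload

def fingerprint(packet):
    """Return (key, digest) for a raw IPv4 packet.

    The key identifies the packet in both captures; the digest covers
    everything except TTL and header checksum, which routers rewrite.
    """
    ip_id, = struct.unpack("!H", packet[4:6])
    proto = packet[9]
    src, dst = inet_ntoa(packet[12:16]), inet_ntoa(packet[16:20])
    # Zero the TTL (byte 8) and header checksum (bytes 10-11) before hashing.
    stable = packet[:8] + bytes([0, proto, 0, 0]) + packet[12:]
    return (src, dst, proto, ip_id), hashlib.sha256(stable).hexdigest()

def diff_captures(sent, received):
    """Classify one direction of traffic: sent at host A, received at host B."""
    sent_fp = dict(fingerprint(p) for p in sent)
    recv_fp = dict(fingerprint(p) for p in received)
    return {
        "dropped": sorted(k for k in sent_fp if k not in recv_fp),
        "forged": sorted(k for k in recv_fp if k not in sent_fp),
        "mangled": sorted(k for k in sent_fp
                          if k in recv_fp and sent_fp[k] != recv_fp[k]),
    }

# Constructed sample traffic from A to B (documentation address ranges).
A, B = "192.0.2.10", "198.51.100.20"
SENT = [make_ipv4(A, B, 1, b"hello"), make_ipv4(A, B, 2, b"world"),
        make_ipv4(A, B, 3, b"data!")]
RECEIVED = [make_ipv4(A, B, 1, b"hello", ttl=52),  # only TTL changed in transit
            make_ipv4(A, B, 3, b"dat4!", ttl=52),  # payload altered in transit
            make_ipv4(A, B, 9, b"RST", ttl=60)]    # seen at B, never sent by A

if __name__ == "__main__":
    for kind, keys in diff_captures(SENT, RECEIVED).items():
        print(kind, keys)
```

A packet listed as dropped may simply have been lost or missed by the capture, so each category is a list of candidates for further investigation rather than proof of interference.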
