I'm facing a problem that I can't figure out.
My goal: Compare pcaps and measure the loss in capture. Scenario: I've sent data (1,5 GB file) from laptop A via WiFi to shared directory on laptop B. On laptop A I've ran Wireshark capture on sending wlan adapter (in promiscuose mode). Between these laptops I have a sniffer (router with wlan in monitor mode) that captures the WiFi traffic in monitor mode = raw 802.11 frames. After file transfer was done I stop capturing on both devices. Now, what I want to do is to compare these two pcap files a measure the frame/packet/data loss = If I captured all data with sniffer and how many of them are missing. Problem is, that pcap from laptop A contains packets with TCP protocols and other.. but the pcap from sniffer contains raw frames (no protocols). I captured handshake and I know my WiFi password so I'm able to decrypt some traffic to see packet and protocols like tcp.
So my question is, how can I compare/measure caputred traffic (data transfer) from these two pcap files? Is it possible to folow sequence numbers and compare them?
Pcap file from laptop A have 1,7 GB and file from sniffer have 1,3 GB .So when transfered file have 1,5 GB I assume that I did not captured all traffic, but I need to now how many frames/packets I missed.
