Wireshark-users: Re: [Wireshark-users] wireshark on windows showing duplicates that are not reall
From: Hansang Bae <hbae@xxxxxxxxxx>
Date: Sun, 20 Apr 2008 00:11:04 -0400
Robert Guthrie wrote:
Running wireshark 1.0.0 on Windows XP, SP #2, IBM Think Centre, Pentium 4, Intel® PRO/1000 MT is showing me duplicate packets, but I don’t think the duplicate packets are actually being sent to the network. I did a test that involves 3 computers:
Machine A - Windows IP 9.53.23.38 sending ICMP ping requests
Machine B - Windows IP 9.48.150.77 receiving ICMP ping requests
Machine C - Linux machine on the same bridge as Machine A and can see all traffic to/from Machine A Running wireshark on machine A shows duplicate ping requests. Running wireshark on machine B shows no duplicates, but shows ping requests/replies
Running wireshark on machine C shows no duplicates.


It must be a driver issue. Or you have some other type of VPN/QoS/Accelerator like drivers installed. The packets from machine A (the dups) are identical in every detail.

What I don't understand though is why the payload of the ping packets are different from a normal XP ping. Normal XP ping uses "abc...." in the payload - curiously, it stops at the letter w and starts over.

This leads me to believe that you have some other drivers installed.

--

Thanks,
Hansang