Wireshark-users: Re: [Wireshark-users] wireshark on windows showing duplicates that are not reall
Robert Guthrie wrote:
Running wireshark 1.0.0 on Windows XP, SP #2, IBM Think Centre, Pentium
4, Intel® PRO/1000 MT
is showing me duplicate packets, but I don’t think the duplicate packets
are actually being sent to the network.
I did a test that involves 3 computers:
Machine A - Windows IP 9.53.23.38 sending ICMP ping requests
Machine B - Windows IP 9.48.150.77 receiving ICMP ping requests
Machine C - Linux machine on the same bridge as Machine A and can see
all traffic to/from Machine A
Running wireshark on machine A shows duplicate ping requests.
Running wireshark on machine B shows no duplicates, but shows ping
requests/replies
Running wireshark on machine C shows no duplicates.
It must be a driver issue. Or you have some other type of
VPN/QoS/Accelerator like drivers installed. The packets from machine A
(the dups) are identical in every detail.
What I don't understand though is why the payload of the ping packets
are different from a normal XP ping. Normal XP ping uses "abc...." in
the payload - curiously, it stops at the letter w and starts over.
This leads me to believe that you have some other drivers installed.
--
Thanks,
Hansang