Wireshark · Wireshark-users: Re: [Wireshark-users] out-of-orders instead of duplicates

Wireshark-users: Re: [Wireshark-users] out-of-orders instead of duplicates

From: Andrew Hood <ajhood@xxxxxxxxx>

Date: Thu, 12 Mar 2009 23:54:55 +1100

Pawel K wrote:
> Hello
> 
> I receive many packets that look like duplicates.
> They are exactly the same - even with respect to the receiving time.
> Wireshark reports the second packet as a TCP Out-Of-Order.
> IMHO it should be reported as a duplicate.
> Am I right ?
> 
> thank You for an answer

You are running Wireshark on Windows or on a span port?

Windows can, depending on exactly which programs are in the network
stack, cause WinPcap to see packets twice. Span ports will duplicate all
traffic if not configured correctly.

Both of these shold be FAQs.

Use "editcap -d infile outfile" to remove the dups.

-- 
There's no point in being grown up if you can't be childish sometimes.
                -- Dr. Who

References:
- [Wireshark-users] out-of-orders instead of duplicates
  - From: Pawel K

Prev by Date: [Wireshark-users] out-of-orders instead of duplicates
Next by Date: [Wireshark-users] "Top Talkers" using Wireshark?
Previous by thread: [Wireshark-users] out-of-orders instead of duplicates
Next by thread: Re: [Wireshark-users] out-of-orders instead of duplicates
Index(es):
- Date
- Thread