Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] FW: TCP Packets being sent twice? Ever seenthis?

From: "Brian Biales" <BBIALES@xxxxxxxxxxxxxxx>
Date: Fri, 25 Apr 2008 12:01:15 -0400
Ok, I've attached a smaller trace, and sure enough, the IP
Identification field appears to be the same on the duplicate packets.
While distracting, I'm glad to know it is falsely being reported.

Thanks.
Brian 

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Barry
Constantine
Sent: Friday, April 25, 2008 9:18 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] FW: TCP Packets being sent twice? Ever
seenthis?

There are situations where the packets are falsely captured twice due to
OS, port mirroring, etc..

Look at the IP ID field on two duplicate packets; if they are the same,
then these packets are not really on the wire.

I know other tools allow you to eliminated duplicate packets based upon
the IP ID, but I never tried this with Wireshark

-Barry

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Biales
Sent: Friday, April 25, 2008 8:01 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] FW: TCP Packets being sent twice? Ever seen
this?

I was using Wireshark to view the SMTP traffic on my Windows SMTP
server.  What I found was very odd...  Each packet my server was sending
appears to be sent twice!
 
Is this for real?  Or a Wireshark fluke?  Anybody seen such a thing?
Any explanations would be greatly appreciated!
 
My local machine in the trace is 192.168.1.9.  All the packets out to
the internet  appear to be sent twice.  And the time between them is
very, very small...  The identical packet seems to go out immediately.
I can attach the trace file itself if it would be useful (it is 250k or
so...)

I am using Wireshark 1.0.0 install on this Windows 2k server SP4 with
all updates applied...
 
Brian
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users

Attachment: wiretrace2.pcap
Description: wiretrace2.pcap