Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Wireshark-users: Re: [Wireshark-users] Trouble with SSL dissector - got ithalf working!

Date Index Thread Index Other Months All Mailing Lists

Date Prev Date Next Thread Prev Thread Next

From: Jack Jackson <jack@xxxxxxxxxxxxxxx>
Date: Wed, 30 Sep 2009 17:54:29 -0700

At 08:40 AM 9/30/2009, Sake Blok wrote:

Duplicate packets will be displayed as "ouf-of-order" at the tcp level, as there is no code (yet) to recognize these packets as duplicates. I bet you are capturing traffic to and from a VM on the host on which this VM runs. In VMware, this results in duplicates (I have no idea why, anyone?).

My Windows 2008 Server running in VMWare Server 2 duplicates most outbound packets. One is sent with the MAC address of the host and the other with the MAC address of the VM. This causes some problems with my firewall, but I have never been able to figure out why it happens. I found one post about this but there was no explanation or resolution.

References:
- [Wireshark-users] Trouble with SSL dissector - got it half working!
  - From: Dominic Tulley
- Re: [Wireshark-users] Trouble with SSL dissector - got it half working!
  - From: Sake Blok
- Re: [Wireshark-users] Trouble with SSL dissector - got it half working!
  - From: Dominic Tulley
- Re: [Wireshark-users] Trouble with SSL dissector - got ithalf working!
  - From: Sake Blok

Prev by Date: Re: [Wireshark-users] Support for RADIUS (RFC 3576, RFC3579, RFC3580)?
Next by Date: Re: [Wireshark-users] PID as column on Wireshark
Previous by thread: Re: [Wireshark-users] Trouble with SSL dissector - got ithalf working!
Next by thread: [Wireshark-users] What (RA) next to destination MAC addr. stands for?
Index(es):
- Date
- Thread