Wireshark · Ethereal-dev: [Ethereal-dev] Duplicate Packets Captured

Ethereal-dev: [Ethereal-dev] Duplicate Packets Captured

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Mon, 21 Jun 2004 15:55:43 -0400




Hi,

I am using Ethereal 0.10.4 and WinPcap 2.3 on a laptop with Win2k and a
Sierra Wireless AirCard 750 to analyze network traffic on a GPRS network.
I wrote a small program to send 1 UDP datagram to an IP address.  After
stopping the capture, I see 2 identical UDP packets with the IP address as
destination in the list of packets captured.  When I run the same program,
while capturing over an ethernet adapter, I see just 1 UDP packet in the
capture.  This also happens with WinPcap 3.0.  Can anyone tell me what is
going on here?  I can send the capture file if needed.

The reason I did this experiment is that I saw 2 of every UDP datagram in a
larger UDP transfer to the server.  Also, in a large TCP/IP transfer, I saw
2 or 3 of every TCP packet sent from the laptop to the server (with the 2nd
labelled TCP Retransmission or TCP Dup ACK).  It seems odd to me that the
network is either dropping every packet on 1st send, or that the
retransmission timer is timing out every time and not adapting to the RTT.

Thanks for any insight,

Andy Quick

Follow-Ups:
- Re: [Ethereal-dev] Duplicate Packets Captured
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] FYI: Starting webbrowser from Help->Ethereal Online
Next by Date: Re: [Ethereal-dev] Stop capture after [size] broken?
Previous by thread: Re: [Ethereal-dev] FYI: Starting webbrowser from Help->Ethereal Online
Next by thread: Re: [Ethereal-dev] Duplicate Packets Captured
Index(es):
- Date
- Thread