ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: Re: [Ethereal-users] Duplicate packet display in MS Windows 0.8.1 7 - known b

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Adrian Johnson <adrian@xxxxxxxxxxxxxxxxx>
Date: Thu, 14 Feb 2002 18:55:50 -0000
I have Win2K, Ethereal 0.9.1, WinPcap 2.2 and this occurs for me too.  I have unloaded the SafeNet VPN client and disabled the IPSECMON and IREIKE services asssociated with the VPN client as Ronald's note suggests but it still happens.
 
Can anyone tell me how to get a list of what to unload / unbind from the network adaptor to eliminate this problem?  There used to be a bindings view in NT4 - does it exist in W2K?
 
Thanks,
            Ade!
 
"Ronald W. Henderson" wrote:
>
> James:
>
> I have seen this on my W2K machine when one has a an additional shim or
> a component tied to a network adapter such as CheckPoint SecuRemote
> (client VPN for windows). What I do is to uncheck the component for
> Ethereal usage (don't have to reboot with the w2k OS) and the
> duplication of packets no longer occurs.
>
> James Garrison wrote:
>
> > The MS Windows port of 0.8.17 appears to be duplicating outgoing
> > packets in the display.  This may be a pcap problem since the
> > duplicates have slightly different timestamps (by about 75 us).
> > I have screen shots of the same interaction as seen from both
> > ends of the wire, one running Ethereal Windows and the other
> > Ethereal on Linux.  The Linux side has no duplicate packets.
> >
> > I wasn't sure if I should include binary attachments in posts
> > to this list.  If this isn't a known problem and someone wants
> > to see them, let me know.

 
Adrian Johnson
UK Consulting
Hyperformix
Tel: +44 (0)1635 41100  Fax: +44 (0)1635 46918
adrian@xxxxxxxxxxxxxxxxx
Visit our Web site at: www.hyperformix.com
 

This message has been 'sanitized'. This means that potentially dangerous content has been rewritten or removed. The following log describes which actions were taken. 


Sanitizer (start="1013715465"):
  Part (pos="1379"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="3073"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept

    Rewrote HTML tag: >>_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
                  as: >>_MANGLED_ON_PURPOSE_META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"_<<
    Rewrote HTML tag: >>_META content="MSHTML 5.50.4913.1100" name=GENERATOR_<<
                  as: >>_MANGLED_ON_PURPOSE_META content="MSHTML 5.50.4913.1100" name=GENERATOR_<<
    Total modifications so far: 2

Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15 bre Exp $

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube