Wireshark-users: Re: [Wireshark-users] Duplicate Packet ID
From: "Laura Chappell" <lchappell@xxxxxxxxxxxxxxxx>
Date: Tue, 16 Jan 2007 18:44:51 -0800
Reza...

Here is an idea, but it will only dump the duplicate packet (not the original) and it is set for TCP only. No UDP equivalent that I know of.

tshark -R tcp.analysis.retransmission -w <filename>

Use the capital 'R' to indicate you are using display filter syntax.

The retransmissions are defined as TCP packets that contain data but use the same sequence number. There is some checking done to ensure the packets are not just out-of-order packets (which is probably not typical anyway).

I think the TCP.analysis.duplicate_ack will only show you that a receiver has noticed a missing segment and is re-acking for the missing segment. A good thing to know, but it seems you are more interested in duplicate data packets (UDP-based application?)...

Hope that helps...

Laura
lchappell@xxxxxxxxxxxxxxxx

This message is intended only for the use of the addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any use and/or dissemination of this communication is strictly prohibited. If you have received this communication in error, please delete all copies of the message and its attachments and notify the sender immediately.

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Fardid, Reza
Sent: Tuesday, January 16, 2007 5:58 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Duplicate Packet ID

Hi Hans,

How does it identify duplicates? Is there a UDP equivalent?

Thanks,
-Reza

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Hans Nilsson
Sent: Monday, January 15, 2007 11:46 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Duplicate Packet ID

How about "tcp.analysis.duplicate_ack".

On Mon, 15 Jan 2007 14:29:56 -0800, "Fardid, Reza" <RFardid@xxxxxxxxx> said:
> Hi,
>
> Is there a mechanism in T(ethereal) for identification (e.g., using
> Frame Check) and filtering (capture or display) of duplicate packets?
>
> I realize there is a performance penalty to pay for such capture
> filtering, if supported.
>
> Thanks,
> -Reza

--
Hans Nilsson
hasse_gg@xxxxxxxx

--
http://www.fastmail.fm - Or how I learned to stop worrying and love email again

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
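
Added example (not part of the thread and not Wireshark code): a simplified Python version of the rule described in Laura's reply, flagging TCP segments that carry data and reuse a sequence number within a flow, extended to UDP under the assumption that a true duplicate repeats both the IP ID and the payload. It omits Wireshark's out-of-order checks; the helper names, addresses, ports and packets are constructed for illustration.

```python
import hashlib
import struct

def ipv4(proto, ip_id, l4):
    # Constructed sample packet: 10.0.0.1 -> 10.0.0.2, header checksum left 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), ip_id, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + l4

def tcp(seq, data):
    # Ports 40000 -> 80, data offset 5 words, flags PSH|ACK
    return struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 0x50, 0x18, 8192, 0, 0) + data

def udp(data):
    return struct.pack("!HHHH", 5004, 5004, 8 + len(data), 0) + data

def find_duplicates(packets):
    """Return indexes of IPv4 packets that repeat an earlier one in the same flow."""
    seen, dups = set(), []
    for idx, pkt in enumerate(packets):
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ip_id = struct.unpack("!HH", pkt[2:6])
        proto, addrs, l4 = pkt[9], pkt[12:20], pkt[ihl:total_len]
        if proto == 6:     # TCP: same flow and sequence number, data segments only
            sport, dport, seq = struct.unpack("!HHI", l4[:8])
            if not l4[(l4[12] >> 4) * 4:]:
                continue   # a pure ACK carries no data, so it is not a retransmission
            key = (proto, addrs, sport, dport, seq)
        elif proto == 17:  # UDP has no sequence number: assume IP ID + payload hash
            sport, dport = struct.unpack("!HH", l4[:4])
            key = (proto, addrs, sport, dport, ip_id, hashlib.sha256(l4[8:]).digest())
        else:
            continue
        if key in seen:
            dups.append(idx)
        seen.add(key)
    return dups

SAMPLE = [  # constructed traffic
    ipv4(6, 1, tcp(1000, b"GET / HTTP/1.0\r\n")),  # 0: original data segment
    ipv4(6, 2, tcp(1000, b"GET / HTTP/1.0\r\n")),  # 1: same seq with data
    ipv4(6, 3, tcp(1017, b"")),                    # 2: pure ACK, ignored
    ipv4(6, 4, tcp(1017, b"\r\n")),                # 3: first data at seq 1017
    ipv4(17, 10, udp(b"frame-1")),                 # 4: original datagram
    ipv4(17, 10, udp(b"frame-1")),                 # 5: same IP ID and payload
    ipv4(17, 11, udp(b"frame-1")),                 # 6: same payload, new IP ID
]

if __name__ == "__main__":
    print(find_duplicates(SAMPLE))
```

If the sender does not vary the IP ID, the UDP check falls back to flow plus payload hash and will also flag application-level resends of identical data.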