Running wireshark 1.0.0 on Windows XP, SP #2, IBM Think Centre, Pentium 4, Intel® PRO/1000 MT
is showing me duplicate packets, but I don’t think the duplicate packets are actually being sent to the network.
I did a test that involves 3 computers:
Machine A - Windows IP 9.53.23.38 sending ICMP ping requests
Machine B - Windows IP 9.48.150.77 receiving ICMP ping requests
Machine C - Linux machine on the same bridge as Machine A and can see all traffic to/from Machine A
Running wireshark on machine A shows duplicate ping requests.
Running wireshark on machine B shows no duplicates, but shows ping requests/replies
Running wireshark on machine C shows no duplicates.
wireshark 1.0..0
Copyright 1998-2008 Gerald Combs <
gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9..5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Press any key to exit
On my hardware with XP SP#2 I can recreate this just by running "ping <hostname>".
I have seen the same thing on an IBM T42P laptop with an intel ethernet NIC.
I do have a symantec software firewall that may be related, but I tried temporarily turning off the
software firewall and I still saw duplicates.
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.
