[Ian Schorr <ethereal@xxxxxxxxxxxxx>]

Probably the best idea would be to work with a capture file that isn't 
broken.

One common mistake/problem occurs if you're monitoring an entire VLAN.  
On many switches, including Cisco, the default configuration when 
mirroring a VLAN is to copy packets as they enter and leave ports in 
the VLAN - therefore, if packets are switched between ports on the same 
VLAN, they are copied to the mirror port 1) when received by the VLAN, 
and again 2) when transmitted by the VLAN.

In this kind of case it's usually a better idea to either simply 
monitor the port that you're actually interested in traffic 
entering/leaving, or only monitor one direction (in-packets or 
out-packets, but not both).

However, question to the RTP guys, should there be additional logic 
that should kick in, in case *real* duplicates are observed?

Ian

On Oct 12, 2004, at 12:14 PM, Anders Broman (AL/EAB) wrote:

> Hi,
> When capturing off a mirroring port every second packet is often a 
> duplicate. This causes problems for the RTPanalysis.
> Would it be safe to not count packets with the same sequence number as 
> the previous packet in a stream ? or if the packet
> arrives within a to short time ? or a combination ? should such a 
> feature be configurable ?
>
> Best regards
> Anders
>
> _______________________________________________
> Ethereal-dev mailing list
> Ethereal-dev@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-dev