Ethereal-users: [Ethereal-users] Re: Duplicate packets captured in local machine. (Ronnie Sahlbe

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Chau Dang" <cdang@xxxxxxxxxxxxxxx>
Date: Tue, 6 Apr 2004 09:39:04 -0700
Hello,

Thanks for replying!
Let me add additional information on the problem:

Yes, I am using Win2K.
I used the previous version of Ethereal 0.09.x before and it worked fine, no
such problem.  Suddenly, last week I noticed the problem.  Then I used the
tool Network monitor (netmon.exe) from Microsoft and it does not have that
same problem.  So, wondering that my current Ethereal may be old, I downloaded
the new version of Ethereal (0.10.3) and it produces the same problem.

From your email, I understand that the DLL from WinPcap may be at fault.  I
will update that and try again to see if it fixes the bug.

No, I am not using BlackIce.

Thanks,
cdang.


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of
ethereal-users-request@xxxxxxxxxxxx
Sent: Monday, April 05, 2004 9:56 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: Ethereal-users Digest, Vol 12, Issue 5


------------------------------

Message: 9
Date: Mon, 5 Apr 2004 14:51:36 -0700
From: "Chau Dang" <cdang@xxxxxxxxxxxxxxx>
Subject: [Ethereal-users] Duplicate packets captured in local machine.
To: "Ethereal" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <MHENJPLHCLPMPGPDDEDAIEAHCHAA.cdang@xxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I got a little annoying problem.  When I run Ethereal on my PC, it captures
packets sent from the PC duplicatedly with different time stamps.  And I know
that this is an Ethereal problem because I used other packet capture utilities
and that problem does not show up.

Attached is the capture file, and you can open it with Ethereal (file type:
libpcap)
The IP address on my machine is: 192.168.11.188


Is there any way to disable/work around the problem?

Thanks,
cdang
-------------- next part --------------
A non-text attachment was scrubbed...
Name: duplicate
Type: application/octet-stream
Size: 13074 bytes
Desc: not available
Url : /pipermail/attachments/20040405/b12d9978/duplicate.obj

------------------------------

Message: 10
Date: Tue, 6 Apr 2004 08:17:12 +1000
From: "Ronnie Sahlberg" <ronnie_sahlberg@xxxxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Duplicate packets captured in local
	machine.
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <009301c41b5b$beab0770$6501010a@C5043436>
Content-Type: text/plain;	charset="iso-8859-1"

What other packet capture utilities did you test with?

Ethereal itself does not capture packets at all and does not have the
ability to capture packets.
What can capture packets (and I assume you are on a Windows host since you
get this issue) on a Windows host is the WinPcap DLL from:
http://winpcap.polito.it/default.htm

Please test if the same thing occurs when you capture using tools other
than Ethereal, such as Analyzer and WinDump, also available from the pcap guys:
http://netgroup-serv.polito.it/netgroup/tools.html


I bet that you will see the same issue.


Are you using BlackIce?
If so, BlackIce or WinPcap, or the combination of both, are broken under
some circumstances and will duplicate all incoming or outgoing packets
exactly in the way you observe.

I would advise contacting the vendor of BlackIce to see if they can fix that
bug or that bad interaction their product has with WinPcap.



----- Original Message -----
From: "Chau Dang"
Sent: Tuesday, April 06, 2004 7:51 AM
Subject: [Ethereal-users] Duplicate packets captured in local machine.


> Hi,
>
> I got a little annoying problem.  When I run Ethereal on my PC, it captures
> packets sent from the PC duplicatedly with different time stamps.  And I know
> that this is an Ethereal problem because I used other packet capture utilities
> and that problem does not show up.
>
> Attached is the capture file, and you can open it with Ethereal (file type:
> libpcap)
> The IP address on my machine is: 192.168.11.188
>
>
> Is there any way to disable/work around the problem?
>
> Thanks,
> cdang
>
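
Added example, not part of the original thread and not code from Ethereal or WinPcap: one way to confirm the symptom described above from the saved libpcap file itself, by flagging byte-identical frames that recur within a short time window. The function names, the 50 ms default window and the sample capture are assumptions constructed for illustration.

```python
import hashlib
import struct

def read_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) from a classic libpcap file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic microsecond libpcap file")
    offset = 24               # the global header is 24 bytes
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        if len(frame) < incl_len:
            break             # truncated final record
        offset += incl_len
        yield ts_sec + ts_usec / 1e6, frame

def find_duplicates(data, window=0.05):
    """Return (first_index, dup_index, delta) for identical frames seen within `window` seconds."""
    last_seen = {}            # frame digest -> (index, timestamp) of the latest copy
    hits = []
    for i, (ts, frame) in enumerate(read_pcap(data)):
        key = hashlib.sha256(frame).digest()
        prev = last_seen.get(key)
        if prev is not None and ts - prev[1] <= window:
            hits.append((prev[0], i, round(ts - prev[1], 6)))
        last_seen[key] = (i, ts)
    return hits

def build_sample():
    """Constructed capture: frame A, a copy of A 120 microseconds later, then frame B."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    a = bytes.fromhex("ffffffffffff0011223344550800") + b"A" * 20
    b = bytes.fromhex("ffffffffffff0011223344550800") + b"B" * 20
    out = hdr
    for sec, usec, frame in [(100, 0, a), (100, 120, a), (100, 500, b)]:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for first, dup, delta in find_duplicates(build_sample()):
        print(f"frame {dup} duplicates frame {first} (+{delta:.6f}s)")
```

If every frame sent from the capturing host shows up as a hit with a sub-millisecond delta while received frames do not, the duplication is happening in the local capture path rather than on the wire.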