Wireshark-users: Re: [Wireshark-users] This log doesn't seem right (newbie question)

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Thu, 28 Sep 2006 08:13:55 +1000
It looks like you capture all outgoing packets twice some 30us apart.

Is this captured on Windows hosts? Do you use something like BlackIce on that Windows host?


There is some interaction between tools such as BlackIce and the capture process on Windows that sometimes leads to the outgoing packets being captured twice in exactly this manner.



On 9/28/06, Sean Baker <sbaker48@xxxxxxxxx> wrote:
I am new to using Ethereal/Wireshark, and I am trying to evaluate a TFTP transfer that is taking place over a mesh connection. I have a capture from each side of the transfer, and I have pasted the first few blocks from each below.
I am trying to figure out, is there something wrong in the transfer, or in my capture, or is nothing wrong at all and this somehow makes sense. I used Ethereal 0.99.0 to take the capture (I only just now figured out the name change).


On the sending machine:

10 0.020317  10.161.132.1      10.162.85.1      TFTP   Write Request, File: test.dat, Transfer type: octet
11 0.020343  10.161.132.1     10.162.85.1      TFTP   Write Request, File: test.dat, Transfer type: octet
13 0.035808  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 0
14 0.043239  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 1
15 0.043337  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 1
16 0.054922  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 1
17 0.074384  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 2
18 0.074478  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 2
19 0.086024  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 2
20 0.131180  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 3
21 0.131295  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 3
22 0.142934  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 3
23 0.152583  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 4
24 0.152693  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 4
25 0.164278  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 4
...

Summary:
    Bytes: 3282764
    Avg. bytes/sec: 67510.174
    Avg. MBit/sec: 0.540

========

On the receiving machine:

11 7.662706  10.161.132.1     10.162.85.1      TFTP   Write Request, File: test.dat , Transfer type: octet
12 7.664711  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 0
13 7.664737  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 0
14 7.684252  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 1
15 7.684324  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 1
16 7.684335  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 1
17 7.715359  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 2
18 7.715415  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 2
19 7.715426  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 2
20 7.772210  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 3
21 7.772330  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 3
22 7.772347  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 3
23 7.793593  10.161.132.1     10.162.85.1      TFTP   Data Packet, Block: 4
24 7.793682  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 4
25 7.793698  10.162.85.1      10.161.132.1     TFTP   Acknowledgement, Block: 4
...

Summary:
    Bytes: 1745089
    Avg. bytes/sec: 35897.661
    Avg. MBit/sec: 0.287


Thanks for any advice,
--Sean
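
Added example (not part of the original thread): a small check that flags the pattern described in the reply, back-to-back identical summary lines a few microseconds apart, and reports which source address is affected. The sample lines are copied from the two excerpts above; the 1 ms window and the function names are assumptions of this example, and it compares summary text only, not packet bytes.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "no time_us src dst proto info")
# Columns of the pasted summary lines: No. Time Source Destination Protocol Info
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\.(\d{6})\s+(\S+)\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")

# Excerpts copied from the two captures quoted in this thread.
SENDER_SIDE = """\
10 0.020317  10.161.132.1  10.162.85.1   TFTP  Write Request, File: test.dat, Transfer type: octet
11 0.020343  10.161.132.1  10.162.85.1   TFTP  Write Request, File: test.dat, Transfer type: octet
13 0.035808  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 0
14 0.043239  10.161.132.1  10.162.85.1   TFTP  Data Packet, Block: 1
15 0.043337  10.161.132.1  10.162.85.1   TFTP  Data Packet, Block: 1
16 0.054922  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 1
"""
RECEIVER_SIDE = """\
11 7.662706  10.161.132.1  10.162.85.1   TFTP  Write Request, File: test.dat , Transfer type: octet
12 7.664711  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 0
13 7.664737  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 0
14 7.684252  10.161.132.1  10.162.85.1   TFTP  Data Packet, Block: 1
15 7.684324  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 1
16 7.684335  10.162.85.1   10.161.132.1  TFTP  Acknowledgement, Block: 1
"""

def parse_summary(text):
    """Parse pasted summary lines into Packet tuples; non-matching lines ("...") are skipped."""
    packets = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        no, sec, usec, src, dst, proto, info = m.groups()
        packets.append(Packet(int(no), int(sec) * 1_000_000 + int(usec), src, dst, proto, info))
    return packets

def find_capture_duplicates(packets, window_us=1000):
    """Return (first_no, dup_no, delta_us, src) for adjacent identical summaries.
    window_us is an assumed threshold, far below any TFTP retransmission timeout."""
    dups = []
    for prev, cur in zip(packets, packets[1:]):
        delta = cur.time_us - prev.time_us
        if prev[2:] == cur[2:] and 0 <= delta <= window_us:
            dups.append((prev.no, cur.no, delta, cur.src))
    return dups

def duplicated_sources(text, window_us=1000):
    """Source addresses whose packets appear twice in the capture excerpt."""
    return {src for *_, src in find_capture_duplicates(parse_summary(text), window_us)}

if __name__ == "__main__":
    for name, text in (("sender", SENDER_SIDE), ("receiver", RECEIVER_SIDE)):
        print(name, find_capture_duplicates(parse_summary(text)))
```

In each excerpt the only duplicated source is the capturing machine's own address, which points at the capture path rather than the network. On the capture file itself, editcap's duplicate-removal options (-d, -w) compare packet contents instead of summary text.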

