Wireshark-users: Re: [Wireshark-users] [Wireshark-dev] If anyone is willing to look at a capture?

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Fri, 12 Jan 2007 12:49:26 +1100
They are neither retransmissions nor out of order   they are duplicated by the stack/winpcap during packet capturing



See
http://wiki.wireshark.org/CaptureSetup/InterferingSoftware


On 1/12/07, Luis Ontanon <luis.ontanon@xxxxxxxxx> wrote:
ronnie,
    You should take a look at this capture. These out-if-order packets
look  to me more like retransmissions.

L,
   It appears that 192.168.70.42 transmits twice every TCP packet.
What's the cause I can't tell but that's certainly a problem of that
box. Try disabling the firewall if you have it and see if it still
happens.


On 1/12/07, L SB < lmsaeb@xxxxxxxxxxx> wrote:
> This is the capture from the PC I am having so many out of order packets
> from. If anyone is kin enough to take a peak and maybe save my sanity, I
> would be forever grateful.
>
> As you can see it is happening with multiple destinations.
>
> I have ruled out faulty nics, the network connection and even the PC itself
> (swapped the harddrive into a new machine).
>
> My only other step is to just reformat the PC???
>
>
> >From: "L SB" <lmsaeb@xxxxxxxxxxx>
> >Reply-To: Community support list for Wireshark
> ><wireshark-users@xxxxxxxxxxxxx>
> >To: wireshark-users@xxxxxxxxxxxxx
> >Subject: Re: [Wireshark-users] TCP out of order segments
> >Date: Thu, 11 Jan 2007 19:04:29 -0500
> >
> >I did some more testing and it is only happening on one PC. I have tried
> >changing network cards and even the motherboad and a new network
> >connection.
> >At this point, it seems to be software related. Do you think LANMAN could
> >cause this flood of out of segment packets?
> >
> >
> > >From: "Frank Bulk" < frnkblk@xxxxxxxxx>
> > >Reply-To: frnkblk@xxxxxxxxx,Community support list for Wireshark
> > >< wireshark-users@xxxxxxxxxxxxx>
> > >To: "'Community support list for Wireshark'"
> > ><wireshark-users@xxxxxxxxxxxxx>
> > >Subject: Re: [Wireshark-users] TCP out of order segments
> > >Date: Thu, 11 Jan 2007 15:41:04 -0600
> > >
> > >You'll want to do a packet trace of the transmitting computer and see if
> > >they're being sent out on an orderly basis.
> > >
> > >Frank
> > >
> > >-----Original Message-----
> > >From: wireshark-users-bounces@xxxxxxxxxxxxx
> > >[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen
> >Fisher
> > >Sent: Thursday, January 11, 2007 10:50 AM
> > >To: Community support list for Wireshark
> > >Subject: Re: [Wireshark-users] TCP out of order segments
> > >
> > >On Thu, Jan 11, 2007 at 03:10:46AM -0500, L SB wrote:
> > >
> > > > Would asymmetric routing be a problem if the machines exist on the
> > > > same subnet?
> > >
> > >No, since there is no routing going on there.
> > >
> > >
> > >Steve
> > >
> > >_______________________________________________
> > >Wireshark-users mailing list
> > > Wireshark-users@xxxxxxxxxxxxx
> > >http://www.wireshark.org/mailman/listinfo/wireshark-users
> > >
> > >_______________________________________________
> > >Wireshark-users mailing list
> > >Wireshark-users@xxxxxxxxxxxxx
> > > http://www.wireshark.org/mailman/listinfo/wireshark-users
> >
> >_________________________________________________________________
> >From photos to predictions, The MSN Entertainment Guide to Golden Globes
> >has
> >it all. http://tv.msn.com/tv/globes2007/?icid=nctagline1
> >
> >_______________________________________________
> >Wireshark-users mailing list
> >Wireshark-users@xxxxxxxxxxxxx
> >http://www.wireshark.org/mailman/listinfo/wireshark-users
>
> _________________________________________________________________
> Fixing up the home? Live Search can help
> http://imagine-windowslive.com/search/kits/default.aspx?kit=improve&locale=en-US&source=hmemailtaglinenov06&FORM=WLMTAG
>
>
> _______________________________________________
> Wireshark-users mailing list
> Wireshark-users@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
>
>


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev