Sorry in my first email I forgot to state the mergecap syntax I was using. It is:-
mergecap -F libpcap -w merged.pcap client.pcap server.pcap
Where "client.pcap" & "server.pcap" are the traces from either end of the connection and "merged.pcap" is my resulting merged trace.
Keith French.
________________________________
From: Keith French
Sent: Wed 26/05/2010 15:32
To: wireshark-users@xxxxxxxxxxxxx
Subject: Merging files duplicate acks & retransmissions
I have two capture taken on two laptops at either end of a client/server scenario. I want to merge them to use later with the new compare feature on Wireshark's Statistics menu. Neither trace has any TCP analysis flags set, other than a few window size updates & 1 retransmission.
However, when I merge them with Mergecap chronologically, I end up with about 400 TCP window size updates, duplicate acks & retransmissions etc.
I have tried this on several different trace scenarios and get similar results. Why doe this happen?
Keith French.