On Nov 28, 2011, at 9:10 PM, Andrej van der Zee wrote:
> For a setup at one of our clients I get duplicate packets on a
> monitoring port. Unfortunately we are not able to change the switch
> settings. Therefor I would like to use a capture filter to
> de-duplicate. What would be candidate solutions for this?
Unfortunately, if by "duplicate" you mean "bit-for-bit identical", there is no candidate solution that involves capture filters, as capture filters are stateless - you couldn't write a filter that just looks at the bits of the packets and eliminates duplicates.
If they're *not* bit-for-bit identical, and, for example, the source or destination MAC addresses differ, you might be able to use that.