Wireshark-users: Re: [Wireshark-users] Get all the duplicate packets

From: Kevin Cullimore <kcullimo@xxxxxxxxxx>
Date: Wed, 19 Sep 2012 16:53:53 -0400
On 9/19/2012 4:19 PM, Boaz Galil wrote:
Editcap -d will remove all the duplicates! I actually want to find all the duplicate packets. For example, if I have a capture that consists of 100 packets, and we have 10 packets inside those 100 packets that are duplicated across the capture (meaning that I have 20 packets instead of 10), I want to get those 20 packets.

If they appear in the Expert Info dialog box, the "expert.message contains " display filter may well prove somewhat useful.

Hope that the above makes sense.


On Wed, Sep 19, 2012 at 4:11 PM, <Tim.Poth@xxxxxxxxxxx> wrote:

Have a look at mergecap and editcap (-d) in the Wireshark folder.

 

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Boaz Galil
Sent: Wednesday, September 19, 2012 3:32 PM
To: Community support list for Wireshark
Subject: [Wireshark-users] Get all the duplicate packets

 

Dear experts,

 

I have 20 capture files (100MB) – I would like to find all the duplicate packets (preferred is to eventually have one packet capture with all the duplicate packets). Is it something doable?

 


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
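
An added example, not part of the thread and not Wireshark code: the inverse of the `editcap -d` behaviour discussed above, a two-pass script that keeps every packet whose captured bytes occur more than once across the input files. It assumes classic pcap files (not pcapng) with microsecond timestamps and counts only byte-identical frames as duplicates; the function names are hypothetical.

```python
import hashlib
import struct
from collections import Counter

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # assumed: classic pcap, usec

def read_pcap(path):
    """Yield (linktype, ts_sec, ts_usec, orig_len, data) for each record in a pcap file."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        endian = MAGIC.get(hdr[:4])
        if endian is None or len(hdr) < 24:
            raise ValueError(f"{path}: not a classic (microsecond) pcap file")
        linktype = struct.unpack(endian + "I", hdr[20:24])[0]
        while len(rec := f.read(16)) == 16:
            ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "4I", rec)
            data = f.read(incl_len)
            if len(data) < incl_len:
                break  # truncated final record
            yield linktype, ts_sec, ts_usec, orig_len, data

def write_pcap(path, packets, linktype=1):
    """Write (ts_sec, ts_usec, orig_len, data) tuples as a pcap file; return the count."""
    count = 0
    with open(path, "wb") as out:  # snaplen 262144 is an assumed, generous value
        out.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype))
        for count, (ts_sec, ts_usec, orig_len, data) in enumerate(packets, 1):
            out.write(struct.pack("<4I", ts_sec, ts_usec, len(data), orig_len) + data)
    return count

def extract_duplicates(paths, out_path):
    """Copy every packet whose bytes occur more than once across paths to out_path."""
    counts, linktypes = Counter(), set()
    for path in paths:  # pass 1: count how often each frame's hash occurs
        for linktype, *_, data in read_pcap(path):
            linktypes.add(linktype)
            counts[hashlib.sha256(data).digest()] += 1
    if len(linktypes) > 1:
        raise ValueError("input files use different link-layer types")
    def repeated():  # pass 2: re-read the files and keep only repeated frames
        for path in paths:
            for _, ts_sec, ts_usec, orig_len, data in read_pcap(path):
                if counts[hashlib.sha256(data).digest()] > 1:
                    yield ts_sec, ts_usec, orig_len, data
    return write_pcap(out_path, repeated(), linktypes.pop() if linktypes else 1)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:  # usage: script.py OUT.pcap IN1.pcap [IN2.pcap ...]
        print(extract_duplicates(sys.argv[2:], sys.argv[1]), "packets written")
```

Copies of a packet captured on opposite sides of a router or NAT device differ in TTL, checksums or addresses, so this byte-for-byte comparison does not pair them.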


