On 01/15/15 00:00, Manolis Katsidoniotis wrote:
Hello
This is a long shot my apologies if the question is not directly related
to this forum.
In our lab we use (linux) tcpdump to capture frames (using interface
"any" for applications that do not communicate internally) and wireshark
to view and process the captured frames.
Lately after some upgrades we've been noticing the same frame is
captured twice, once including the vlan tag and once with the tag
stripped (actually sometimes we've noticed several repeated frames)
Does anyone happen to know how we can eliminate this
a. either during capture (via linux tcpdump) or
b. during display (take out the duplicate frames)?
I'd suggest a capture filter of "vlan" or "not vlan" (depending on which
you prefer to see): drop the duplicate packets sooner rather than
dealing with them later.