This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Packets appear twice

0

Hi folks!

I have a strange issue. It seems that the GSM packets which I filter out by gsm_map are shown twice, as appears in the below screenshot: alt text

I use the following command from command line to capture the traffic:

tcpdump -i any -s0 -w test.cap

Any clue why such behavior could occur?

Thanks!

asked 19 Apr '12, 07:47

Eugene%20S's gravatar image

Eugene S
21225
accept rate: 0%

One Answer:

2

If you are capturing of an interface connected to a monitor/span port of a switch you might get packets written to your trace file twice ingress/egress depending on how you have set up your monitoring.

answered 19 Apr '12, 09:23

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

1

...or if you capture on the "any" interface of a Linux-based router and the traffic shows up on multiple physical interfaces.

(19 Apr '12, 10:16) Gerald Combs ♦♦

@Anders and @Gerald Combs, thanks a lot for your comments! However I'm still a novice in this area and I'm not sure I understand your answers completely. Could you please provide a bit more details about what causing this behavior and how to solve this problem. Maybe you can provide some links for further reading.. Thanks again!

(20 Apr '12, 01:32) Eugene S