When running a ping -t to one of our Cisco routers, we noticed on occasion a (DUP!) after a few of the replies. When looking at the pcap, I can see the sequence number of the request with 2 replies from the same target. The only difference I could see was that in the first reply, WS showed that it was a response to the requesting packet and in the second reply, there was no such reference. 99% of the pings are fine but now we have concerns that the unit might be defective. How should I interprete these duplicate replies? Thanks asked 16 May '12, 20:01  EricKnaus |
One Answer:
Regards answered 17 May '12, 00:36  Kurt Knochner ♦ edited 17 May '12, 00:57 showing 5 of 6 show 1 more comments |
Kurt - No HSRP. Pinging across the Internet (to a WAN), same MAC - nothing else was plugged into the router when we were testing this.
Thanks
Eric
Is the router publicly pingable so we might be able to reproduce the issue? Do you see duplicates from multiple sources to this router? Do you see duplicates ping other systems from the same source?
can you post a cpature file with the DUP replys to cloudshark.org? Did both replies have the same TTL?
I was going to but the owner asked me not to because he did not want the world pinging it all day! Looking for a plan B
You may send me a small capture file with the dup ping responses in it at [email protected]SYN-bit.nl and I will have a quick look at it to see whether I can see anything funny in the trace.
you could randomize the ip addresses with tcprewrite http://tcpreplay.synfin.net/wiki/tcprewrite and then post the capture file on cloudshark.org