I have a customer trace that is showing duplicate RTP packets (lost RTP packets shows a negative number). My span session on a Cisco 2940 is only spanning the interface, not the VLAN and is correct:- monitor session 1 source interface fa0/1 monitor session 1 destination interface fa0/8 encaps dot1q However, after taking the trace I found that both data & voice all use the same VLAN (OK poor network design). Is it possible to build a display filter to show the duplicate packets, so as I can set up a color filter to show them? asked 17 Aug '12, 07:32  KeithFrench |
One Answer:
You will need to find a criteria you can filter on. It should be one value for the "originals" and another for the duplicates. If you don't have exact byte-by-byte duplicates this should be possible; often you can use the VLAN ID (if you have duplicate packets on different VLANs) or the TTL (which is usually 1 less after the packet was routed). If you can find a criteria that works for you just right click on the field in the decode and select "Apply as Filter -> selected" to filter the packets. You get the other half by negating the filter. answered 17 Aug '12, 09:48  Jasper ♦♦ |
