This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Filter for duplicate sequence numbers

0

Hello,

here is the background to my question:

It is suspected that the traffic going into a switch interface is being looped out the same interface again. To prove or disprove I captured the traffic in both directions on said interface.

If traffic were to looped out the same Interface I should see the same packet twice. The easiest way to show this would be to filter for duplicate sequence numbers (I stand to be corrected on this).

How do I do this in wireshark without specifying an exact sequene number?

Best regards, Tim

asked 14 Apr '14, 06:49

timmeh's gravatar image

timmeh
1111
accept rate: 0%

edited 14 Apr '14, 08:10

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142


One Answer:

0

You cannot filter on dependencies between two packets, but in your case you could look for tcp.analysis.retransmission since a duplicate packet would be flagged as retransmission by the TCP expert. That way the expert does the dependency check for you and you can just filter on the retransmission.

answered 14 Apr '14, 07:15

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Hello,

thanks for the info. This significantly reduced the number of packets to check and should get me the answer I need.

Thank you!

Best regards, Tim

(14 Apr '14, 07:34) timmeh