On Wed, May 23, 2007 at 06:14:53PM +0100, Piers Kittel wrote:
> So, the computers were run at the same time to capture the packets
> going between device A and B. I've got 2 files, like
> A-20070522-162040.gz and B-20070522-162040.gz. I've merged the two,
> and filtered out the packets I'm not interested in. Naturally, I see
> double of nearly all packets. What I'm interested in is to find
> packets that failed to reach the other side, so I'd like to filter out
> all packets that arrived successfully - how do I do this?
> Packet 4 failed to arrive however. How do I filter out Packets 1 and
> 2 but not 3?

There currently isn't a way to detect duplicate packets in Wireshark
that I know of. What would be needed is some sort of duplicate
detection that compares the payload of each packet against each other
packet. That would be computationally expensive, so it might be best
left as an option that you run one time, perhaps as part of the merge
captures process. Would it work for you to simply be told which are
duplicates or would you prefer them to be displayed in the protocol tree
(by default the middle pane) and be filterable? It would be best if you
could go to http://bugs.wireshark.org and submit a bug report requesting
this and mark it as an "enhancement request." Thanks!

Steve
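
Added example (not part of the original message and not Wireshark code): one way to find packets seen at only one capture point. Instead of the pairwise payload comparison described above, it groups packets by a SHA-256 digest of the payload and pairs copies within a time window. It assumes each capture has already been reduced to time-ordered (timestamp, payload bytes) records, that the two hosts' clocks are roughly synchronized, and that WINDOW and the sample records are constructed values.

```python
import hashlib
from collections import defaultdict

# Assumed bound on transit time plus clock skew between the two capture hosts.
WINDOW = 2.0  # seconds

def unmatched(cap_a, cap_b, window=WINDOW):
    """Return (only_a, only_b): packets with no counterpart in the other capture.

    Each capture is a time-ordered list of (timestamp, payload_bytes).
    Hashing groups identical payloads in one pass, so no packet is
    compared against every other packet.
    """
    groups = defaultdict(lambda: ([], []))  # digest -> (copies in A, copies in B)
    for side, cap in enumerate((cap_a, cap_b)):
        for ts, payload in cap:
            groups[hashlib.sha256(payload).digest()][side].append((ts, payload))

    only_a, only_b = [], []
    for a_list, b_list in groups.values():
        i = j = 0
        # Identical payloads can legitimately repeat (retransmissions), so pair
        # copies in time order and only when they fall inside the window.
        while i < len(a_list) and j < len(b_list):
            delta = a_list[i][0] - b_list[j][0]
            if abs(delta) <= window:
                i += 1
                j += 1                      # same packet seen on both sides
            elif delta < 0:
                only_a.append(a_list[i])    # too early for any remaining B copy
                i += 1
            else:
                only_b.append(b_list[j])    # too early for any remaining A copy
                j += 1
        only_a.extend(a_list[i:])
        only_b.extend(b_list[j:])
    return sorted(only_a), sorted(only_b)

# Constructed sample records standing in for the two capture files.
CAP_A = [(0.000, b"seq=1 hello"), (0.010, b"seq=2 data"),
         (0.020, b"seq=3 data"),   # never reaches B
         (0.030, b"keepalive"),    # first copy lost
         (5.030, b"keepalive"),    # retransmitted copy arrives
         (5.044, b"ack=1")]
CAP_B = [(0.004, b"seq=1 hello"), (0.014, b"seq=2 data"),
         (5.034, b"keepalive"), (5.040, b"ack=1"),
         (5.050, b"ack=2")]        # never reaches A

if __name__ == "__main__":
    lost_from_a, lost_from_b = unmatched(CAP_A, CAP_B)
    print("seen only at A:", lost_from_a)
    print("seen only at B:", lost_from_b)
```

With real captures the digest should cover only bytes that are identical at both capture points, since fields such as the IP TTL and header checksum change in transit.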