Wireshark · Wireshark-users: [Wireshark-users] editcap and duplicate removal

Wireshark-users: [Wireshark-users] editcap and duplicate removal

From: Phillip Heller <pheller@xxxxxx>

Date: Fri, 19 Dec 2008 18:59:14 +0100

So I have a vlan spanned on a Cisco 3560, and did not specify rx ortx, so it therefore defaults to snooping both, resulting in duplicatepackets.

I ran editcap -d against the capture file, which did remove theduplicates -- but only in one direction!

This specific capture was of a SIP call, and when I open the resultantfile, I still see that the SIP and RTP data from my media gatewaytowards provider is duplicated.

It's not a giant deal, but it makes the RTP media stream playbackpretty much suck.


Anyone else run into this?

--phil

Prev by Date: [Wireshark-users] Unrecognized libpcap format
Next by Date: Re: [Wireshark-users] Negative Fibre Channel scsi_time values
Previous by thread: [Wireshark-users] Unrecognized libpcap format
Next by thread: [Wireshark-users] Wireshark on Ubuntu with IWL3945 captures only management traffic when in monitor mode
Index(es):
- Date
- Thread