Wireshark mailing list archives

Re: de-duplicate packets by capture filter


From: Guy Harris <guy () alum mit edu>
Date: Mon, 28 Nov 2011 21:25:57 -0800


On Nov 28, 2011, at 9:10 PM, Andrej van der Zee wrote:

> For a setup at one of our clients I get duplicate packets on a
> monitoring port. Unfortunately we are not able to change the switch
> settings. Therefore I would like to use a capture filter to
> de-duplicate. What would be candidate solutions for this?

Unfortunately, if by "duplicate" you mean "bit-for-bit identical", there is no candidate solution that involves capture 
filters, as capture filters are stateless - you couldn't write a filter that just looks at the bits of the packets and 
eliminates duplicates.

If they're *not* bit-for-bit identical, and, for example, the source or destination MAC addresses differ, you might be 
able to use that.
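
Added example, not part of the original message: a sketch contrasting a per-packet test of the kind a capture filter performs with a stateful de-duplication pass run after capture. The frames, MAC addresses, function names and the window size are constructed for illustration.

```python
import hashlib
from collections import deque

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src, payload):
    """Constructed Ethernet II frame (IPv4 ethertype) used as sample data."""
    return mac(dst) + mac(src) + b"\x08\x00" + payload

def stateless_keep(pkt, src):
    """Capture-filter style test (like 'ether src <mac>'): sees one packet, no memory."""
    return pkt[6:12] == mac(src)

def dedup_window(packets, window=5):
    """Stateful pass: drop a packet whose digest matches one of the last `window` kept."""
    recent = deque(maxlen=window)
    kept = []
    for pkt in packets:
        digest = hashlib.sha256(pkt).digest()
        if digest in recent:
            continue  # bit-for-bit duplicate of a recently seen packet
        recent.append(digest)
        kept.append(pkt)
    return kept

# Constructed sample traffic; all MAC addresses and payloads are made up.
HOST, GW, MIRROR = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
A = frame(GW, HOST, b"request-1")
B = frame(GW, HOST, b"request-2")
IDENTICAL_DUPES = [A, A, B, B]
# Second copy of each packet carries a different source MAC.
MAC_DUPES = [A, frame(GW, MIRROR, b"request-1"), B, frame(GW, MIRROR, b"request-2")]

if __name__ == "__main__":
    # No per-packet predicate separates A from its identical copy: same input, same answer.
    print([stateless_keep(p, HOST) for p in IDENTICAL_DUPES])
    print(len(dedup_window(IDENTICAL_DUPES)))
    print(len([p for p in MAC_DUPES if stateless_keep(p, HOST)]))
    print(len(dedup_window(MAC_DUPES)))
```

The window bounds memory and keeps a later, legitimate repeat of the same bytes from being dropped. For saved capture files, Wireshark's `editcap -d` applies the same kind of windowed duplicate removal.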