Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Get all the duplicate packets

From: Kevin Cullimore <kcullimo () runbox com>
Date: Wed, 19 Sep 2012 16:53:53 -0400
On 9/19/2012 4:19 PM, Boaz Galil wrote:
Editcap -d will remove all the duplicates! I actually want to find all the duplicate packets.... for example if I have a capture that consist of 100 packets. and we have 10 packets inside those 100 packets that are duplicate across the capture (meaning that I have 20 packets instead of 10). I want to get those 20 packets.
If they appear in the Expert Info dialog box, the "expert.message contains " display filter may well prove somewhat useful. 

Hope that the above make sense.
On Wed, Sep 19, 2012 at 4:11 PM, <Tim.Poth () bentley com <mailto:Tim.Poth () bentley com>> wrote: 

    Have a look at mergecap and editcap (-d) in the wireshark folder.

    *From:*wireshark-users-bounces () wireshark org
    <mailto:wireshark-users-bounces () wireshark org>
    [mailto:wireshark-users-bounces () wireshark org
    <mailto:wireshark-users-bounces () wireshark org>] *On Behalf Of
    *Boaz Galil
    *Sent:* Wednesday, September 19, 2012 3:32 PM
    *To:* Community support list for Wireshark
    *Subject:* [Wireshark-users] Get all the duplicate packets

    Dear experts,

    I have 20 capture files (100MB) -- I would like to find all the
    duplicate packets (preferred is to eventually have one packet
    capture with all the duplicate packets). Is it something doable?


    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list
    <wireshark-users () wireshark org <mailto:wireshark-users () wireshark org>>
    Archives: http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request () wireshark org
    <mailto:wireshark-users-request () wireshark org>?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request () wireshark org?subject=unsubscribe



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: