LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   why i see same packet twice on network interface? (https://www.linuxquestions.org/questions/linux-networking-3/why-i-see-same-packet-twice-on-network-interface-256373/)

cranium2004 11-18-2004 06:56 AM
why i see same packet twice on network interface?
 
whenever i capture packets on my standalone home pc i found that i am getting or capture analysis tells that each packet is captured twice. why am i getting same packets twice entry in packet capture. i use simple sniffer C program also iptraf utility. but getting same results why?
i am using redhat linux 9.0 with 2.4.20-8 kernel.

bignerd 11-18-2004 08:34 AM
how do you know it's the same packet twice?

Don't just go on the ip address. Check the MAC as well.

-b

cranium2004 11-19-2004 12:14 AM
i have no lan card on my home pc. i am using tcpdump as well as sniffer programs that give me results that each loopback packet on 127.0.0.1 appear as 2 packets in packet capture analysis by pinging to 127.0.0.1

what is problem?

lazlow69 11-19-2004 12:48 AM
You are most likely seeing the ICMP ping packet that is both a request and a reply, like the full message of "hey you there, yep I'm here" or more like "am I me, yep I'm me" in the case of the loopback...

cranium2004 11-19-2004 01:12 AM
no i check all analysis. for each ping echo request and reply i get 4 packets observations for one request 2 packets are counted and for one reply 2 packets are counted.

daveyroy 11-26-2004 07:35 AM
Can anyone help?

I'm in my final year of a Bsc Computer Systems degree. For my final year project I have to
design and implement a simple Linux network on 3 Pc's and then design and
implement a Network Analyser based on tcpdump.
I have successfully networked 3 Pcs using Linux Red Hat 9. The network is
private and I has no Internet access. The next phase of the project is (I
quote) 'to
design and implement a network analyser based on tcpdump' is the stage I'm
up too.
I don't understand how to utilise this tcpdump to get information. Is this a
facility built into Red Hat 9? Can you output tcpdump contents to a file?
then manipulate this to extract information I require?

From the information I've gathered so far from my supervisor and reading on
this subject, I think I have to somehow direct output from the tcpdump to
file then somehow using GAWK dissect and output info to screen i.e.. say
source and destination address, protocol used etc... Could you please help
me with any information to be able to do the above if this is along the
right tracks as I'm now struggling implement this final stage of my project.

Some more info if it helps at all?

I have to simulate traffic on my private network and capture what every it
is I have sent, for example using ftp to send a file from one host to
another. I need to provide means of capturing both UDP and TCP packets so I
will need to research which protocol uses what. But its understanding and
being able to work with tcpdump which is where I'm struggling. I read the
man pages but find them a bit vague.



Any information would be appreciated!!

Darin 11-26-2004 09:42 AM
I was thinking that your capture program probably sits somewhere in the middle of the protocol stack. It happens to see each packet twice not because there are two packets but because the loopback interface sends packets down to the bottom and then they come right back up again. Each packet would pass by the network analyzer twice, once on the way down and then again as it gets bounced back up the protocol stack by loopback.


All times are GMT -5. The time now is 03:33 PM.