Why do I see the same packet twice on a network interface?
Whenever I capture packets on my standalone home PC, the capture analysis tells me that each packet is captured twice. Why am I getting the same packet entered twice in the packet capture? I use a simple sniffer C program and also the iptraf utility, but I get the same results. Why?
I am using Red Hat Linux 9.0 with the 2.4.20-8 kernel. |
How do you know it's the same packet twice?
Don't just go on the IP address. Check the MAC as well. -b |
I have no LAN card on my home PC. I am using tcpdump as well as sniffer programs, and they show that each loopback packet on 127.0.0.1 appears as 2 packets in the packet capture analysis when pinging 127.0.0.1.
What is the problem? |
You are most likely seeing the ICMP ping packet that is both a request and a reply, like the full message of "hey you there, yep I'm here" or more like "am I me, yep I'm me" in the case of the loopback...
|
No, I checked all of the analysis. For each ping echo request and reply I get 4 packet observations: for one request 2 packets are counted, and for one reply 2 packets are counted.
|
Can anyone help?
I'm in my final year of a BSc Computer Systems degree. For my final year project I have to design and implement a simple Linux network on 3 PCs and then design and implement a Network Analyser based on tcpdump. I have successfully networked 3 PCs using Linux Red Hat 9. The network is private and it has no Internet access. The next phase of the project, (I quote) 'to design and implement a network analyser based on tcpdump', is the stage I'm up to. I don't understand how to utilise this tcpdump to get information. Is this a facility built into Red Hat 9? Can you output tcpdump contents to a file, then manipulate this to extract the information I require? From the information I've gathered so far from my supervisor and reading on this subject, I think I have to somehow direct output from tcpdump to a file, then somehow use GAWK to dissect it and output info to the screen, i.e. say source and destination address, protocol used etc. Could you please help me with any information to be able to do the above, if this is along the right tracks, as I'm now struggling to implement this final stage of my project. Some more info, if it helps at all: I have to simulate traffic on my private network and capture whatever it is I have sent, for example using ftp to send a file from one host to another. I need to provide a means of capturing both UDP and TCP packets, so I will need to research which protocol uses what. But it's understanding and being able to work with tcpdump which is where I'm struggling. I read the man pages but find them a bit vague. Any information would be appreciated!! |
I was thinking that your capture program probably sits somewhere in the middle of the protocol stack. It happens to see each packet twice not because there are two packets but because the loopback interface sends packets down to the bottom and then they come right back up again. Each packet would pass by the network analyzer twice, once on the way down and then again as it gets bounced back up the protocol stack by loopback.
|