LinuxQuestions.org
Old 11-18-2004, 06:56 AM   #1
cranium2004
Member
 
Registered: Feb 2004
Distribution: FC4,RHEL4
Posts: 223

Rep: Reputation: 30
Why do I see the same packet twice on a network interface?


Whenever I capture packets on my standalone home PC, the capture analysis tells me that each packet is captured twice. Why am I getting the same packet entered twice in the packet capture? I use a simple sniffer C program and also the iptraf utility, but I get the same results. Why?
I am using Red Hat Linux 9.0 with the 2.4.20-8 kernel.
 
Old 11-18-2004, 08:34 AM   #2
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
How do you know it's the same packet twice?

Don't just go on the IP address. Check the MAC as well.

-b
 
Old 11-19-2004, 12:14 AM   #3
cranium2004
Member
 
Registered: Feb 2004
Distribution: FC4,RHEL4
Posts: 223

Original Poster
Rep: Reputation: 30
I have no LAN card on my home PC. I am using tcpdump as well as sniffer programs, and they show that each loopback packet on 127.0.0.1 appears as 2 packets in the packet capture analysis when pinging 127.0.0.1.

What is the problem?
 
Old 11-19-2004, 12:48 AM   #4
lazlow69
Member
 
Registered: Jan 2003
Location: Central New Jersey
Distribution: Knoppix to play, Slack current, OpenBSD stables
Posts: 111

Rep: Reputation: 15
You are most likely seeing the ICMP ping packet that is both a request and a reply, like the full message of "hey you there, yep I'm here" or more like "am I me, yep I'm me" in the case of the loopback...
 
Old 11-19-2004, 01:12 AM   #5
cranium2004
Member
 
Registered: Feb 2004
Distribution: FC4,RHEL4
Posts: 223

Original Poster
Rep: Reputation: 30
No, I checked all the analysis. For each ping echo request and reply I get 4 packet observations: for one request 2 packets are counted, and for one reply 2 packets are counted.
 
Old 11-26-2004, 07:35 AM   #6
daveyroy
LQ Newbie
 
Registered: Sep 2004
Location: Manchester
Distribution: Linux Red Hat 9
Posts: 7

Rep: Reputation: 0
Can anyone help?

I'm in my final year of a BSc Computer Systems degree. For my final year project I have to design and implement a simple Linux network on 3 PCs and then design and implement a Network Analyser based on tcpdump.
I have successfully networked 3 PCs using Linux Red Hat 9. The network is private and it has no Internet access. The next phase of the project, (I quote) 'to design and implement a network analyser based on tcpdump', is the stage I'm up to.
I don't understand how to utilise this tcpdump to get information. Is this a facility built into Red Hat 9? Can you output tcpdump contents to a file, then manipulate this to extract the information I require?

From the information I've gathered so far from my supervisor and reading on this subject, I think I have to somehow direct output from tcpdump to a file, then somehow, using GAWK, dissect it and output info to the screen, i.e. source and destination address, protocol used, etc. Could you please help me with any information to be able to do the above, if this is along the right tracks, as I'm now struggling to implement this final stage of my project.

Some more info, if it helps at all:

I have to simulate traffic on my private network and capture whatever it is I have sent, for example using ftp to send a file from one host to another. I need to provide means of capturing both UDP and TCP packets, so I will need to research which protocol uses what. But it's understanding and being able to work with tcpdump which is where I'm struggling. I read the man pages but find them a bit vague.

Any information would be appreciated!!
 
Old 11-26-2004, 09:42 AM   #7
Darin
Senior Member
 
Registered: Jan 2003
Location: Portland, OR USA
Distribution: Slackware, SLAX, Gentoo, RH/Fedora
Posts: 1,024

Rep: Reputation: 45
I was thinking that your capture program probably sits somewhere in the middle of the protocol stack. It happens to see each packet twice not because there are two packets but because the loopback interface sends packets down to the bottom and then they come right back up again. Each packet would pass by the network analyzer twice, once on the way down and then again as it gets bounced back up the protocol stack by loopback.
 
  

