Re: de-duplicate packets by capture filter

[Andrej van der Zee <andrejvanderzee () gmail com>]

> And, I assume, at the Ethernet level they're *not* identical, presumably by having different source and/or 
> destination MAC addresses.

That what was I tried to imply :)

> By having a machine with multiple network interfaces on the same LAN segment and having its ARP implementation spit 
> out different MAC addresses to different clients as a form of load balancing? :-)

Sounds like fun! But when I try to configure my machine with multiple
network interfaces with the same static IP address I presume it starts
nagging?

> Or by having the switch do other weird stuff internally?  What's the switch set up to do that causes it to duplicate 
> the packets?  What is it doing to the MAC addresses?

The only thing I know for sure is that it is a Windows Cluster Server
which is being spanned to the monitoring port. I'll try to figure out
more about this.

But what I can see in Wireshark for a filtered stream is that the Mac
Addresses start with HewlettP, All-HSRP-routers, and Cisco. Also, some
traffic is only spanned in one direction (see attachment).


Cheers,
Andrej

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe