I believe you're referring to this bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4561
-----Original Message----- From: John Powell <[email protected]> To: Developer support list for Wireshark <[email protected]> Sent: Fri, Aug 10, 2012 8:58 am Subject: Re: [Wireshark-dev] Packets in different VLANS flagged as duplicated Packets in RTP Stream Analysis Hi Everyone, I should have noted the following: I am running Wireshark 1.8.1 (compiled from source) under CentOS 6.3. Dumpcap command command line is: /usr/local/bin/dumpcap -B 32 -i 2 -f vlan and (not vrrp and not udp port 1985 and not ether host 01:00:0c:cc:cc:cc) -b files:1200 -b filesize:250000 -b duration:900 -w /var/opt/data/captures/eth1.cap Thanx in advance for any guidance! John On Fri, Aug 10, 2012 at 6:48 AM, John Powell <[email protected]> wrote: Hi Everyone, I am running Dumpcap as a service. My users have told me that when they select a packet capture then select Telephony - RTP - Show all Streams that it indicates packets are being duplicated (negative packet loss). For the packets being duplicated (negative packet loss), I discovered that there are in fact 2 packets being seen by Wireshark with the same SRC/DST IP Addresses and the same ID number BUT different VLANS tags. Is this an error in Wireshark that should be fixed or is there some way to configure Wireshark to look at the VLAN tag as well as the ID number before determining a packet is duplicated? Thanx alot! John ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
