Hi,

Well, a packet coming in has to come out somewhere. If the router passes them both to the sniffer you'll see it twice (with a different MAC address, of course, and maybe a different VLAN tag, and a TTL-1, but still).

Thanx,
Jaap

Albert Jurado wrote:
> Why would it see double?
>
> Albert Jurado
> Network Manager
> First Commercial Insurance Company
> 2300 W 84 St.
> Hialeah, FL 33016
> Phone: (305) 820-4848 ex. 1206
> Mobile: (305) 873-4400
> Email: [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter
> Sent: Monday, March 10, 2008 1:31 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Terminal Server traffic
>
> Hi,
>
> It may be dependent on how you configured the monitoring port on the core router.
> If it captures both ingress and egress packets it starts to see double. The
> details I leave to the network operator buffs ;) .
>
> Thanx,
> Jaap
>
> Albert Jurado wrote:
>> As of last week we started to monitor traffic from our internal Terminal
>> Server to our internal SQL server using Wireshark.
>>
>> Our network is segmented in the following way:
>>
>> VLAN for servers
>>
>> Data VLAN for each floor in the building (six in total).
>>
>> We installed Wireshark on a separate workstation plugged into our core
>> router with a monitoring port configured.
>>
>> Our first capture revealed over 40% of the traffic as “out-of-order”
>> packets. When we performed a capture from the terminal server there was
>> no such traffic.
>>
>> I'm wondering if this type of behavior is normal for terminal server
>> communication. I hope someone can shed some light on this matter for
>> me, it would be greatly appreciated.
>>
>> Thanks!
>>
>> *Albert Jurado*
>
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
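
An added example, not part of the original thread and not Wireshark code: one way to confirm that a mirror-port capture contains routed copies of the same packet is to hash each IPv4 packet with the fields a router rewrites (MAC addresses, VLAN tag, TTL, header checksum) excluded. It assumes the router does no NAT or fragmentation; the function names and sample frames are constructed for illustration.

```python
import hashlib
import struct

def routed_copy_key(frame):
    """Digest that is equal for an IPv4 packet and its routed copy; None if not IPv4."""
    off = 12                                   # skip destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, off)
    while ethertype in (0x8100, 0x88A8):       # skip 802.1Q / 802.1ad VLAN tags
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype != 0x0800:
        return None
    ip = bytearray(frame[off + 2:])
    (total_len,) = struct.unpack_from("!H", ip, 2)
    ip = ip[:total_len]                        # drop Ethernet padding, if any
    ip[8] = 0                                  # TTL: decremented by the router
    ip[10:12] = b"\x00\x00"                    # checksum: recomputed after the TTL change
    return hashlib.sha256(bytes(ip)).hexdigest()

def find_routed_duplicates(frames):
    seen, pairs = {}, []
    for i, frame in enumerate(frames):
        key = routed_copy_key(frame)
        if key in seen:
            pairs.append((seen[key], i))       # (first sighting, routed copy)
        elif key is not None:
            seen[key] = i
    return pairs

def ip_checksum(header):
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, ttl, ip_id, payload, vlan=None):
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ip_id,
                                0x4000, ttl, 6, 0, bytes([10, 0, 1, 5]), bytes([10, 0, 2, 9])))
    struct.pack_into("!H", hdr, 10, ip_checksum(hdr))
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return dst_mac + src_mac + tag + struct.pack("!H", 0x0800) + bytes(hdr) + payload

# Constructed sample capture (made-up MACs, addresses and opaque payloads).
HOST, RTR_IN, RTR_OUT, SQL = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3, 4))
SAMPLE = [
    build_frame(RTR_IN, HOST, 128, 100, b"query-1", vlan=10),             # ingress copy
    build_frame(SQL, RTR_OUT, 127, 100, b"query-1", vlan=20) + bytes(6),  # egress copy, padded
    build_frame(RTR_IN, HOST, 128, 101, b"query-2", vlan=10),             # seen only once
]
```

A high share of matched pairs in a capture points at the monitoring port mirroring both directions rather than at real out-of-order delivery.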