Hi,

When I switch off the TCP dissector preference "analyze TCP sequence numbers", all that is left are duplicate packets for the vlan. Apply this filter to see:

ip.src == 10.10.10.0/24 && ip.dst == 10.10.10.0/24

Thanx,
Jaap

Albert Jurado wrote:
> I've attached a small capture file. Maybe someone can take a look at it and
> make something of it.
>
> If you look for the following ip address (10.10.10.23) you should see the
> out of order packets.
>
> Albert Jurado
> Network Manager
> First Commercial Insurance Company
> 2300 W 84 St.
> Hialeah, FL 33016
> Phone: (305) 820-4848 ex. 1206
> Mobile: (305) 873-4400
> Email: [EMAIL PROTECTED]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter
> Sent: Monday, March 10, 2008 7:38 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Terminal Server traffic
>
> Hi,
>
> Well a packet coming in has to come out somewhere. If the router passes them
> both to the sniffer you'll see it twice (with a different MAC address, of
> course, and maybe a different VLAN tag, and a TTL-1, but still).
>
> Thanx,
> Jaap
>
> Albert Jurado wrote:
>> Why would it see double?
>>
>> Albert Jurado
>> Network Manager
>> First Commercial Insurance Company
>> 2300 W 84 St.
>> Hialeah, FL 33016
>> Phone: (305) 820-4848 ex. 1206
>> Mobile: (305) 873-4400
>> Email: [EMAIL PROTECTED]
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter
>> Sent: Monday, March 10, 2008 1:31 PM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] Terminal Server traffic
>>
>> Hi,
>>
>> It may be dependent on how you configured the monitoring port on the core
>> router.
>> If it captures both ingress and egress packets it starts to see double. The
>> details I leave to the network operator buffs ;) .
>>
>> Thanx,
>> Jaap
>>
>> Albert Jurado wrote:
>>> As of last week we started to monitor traffic from our internal Terminal
>>> Server to our internal SQL server using wireshark.
>>>
>>> Our network is segmented in the following way:
>>>
>>> VLAN for servers
>>>
>>> Data VLAN for each floor in the building (six in total).
>>>
>>> We installed wireshark on a separate workstation plugged into our core
>>> router with a monitoring port configured.
>>>
>>> Our first capture revealed over 40% of the traffic as “out-of-order”
>>> packets. When we performed a capture from the terminal server there was
>>> no such traffic.
>>>
>>> I am wondering if this type of behavior is normal for terminal server
>>> communication. I hope someone can shed some light on this matter for
>>> me, it would be greatly appreciated.
>>>
>>> Thanks!
>>>
>>> *Albert Jurado*
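
Added example (not part of the original thread and not Wireshark code): a sketch of how the routed duplicates described above can be told apart from real TCP retransmissions, by matching the fields a router leaves untouched and requiring a TTL drop of exactly 1 plus a different source MAC. The record layout, field names and sample frames are constructed for illustration, and IP ID reuse over long captures is assumed not to occur.

```python
from collections import namedtuple

# Hypothetical per-frame record; in practice these fields would come from a
# capture export. All values below are constructed, not from the attached file.
Pkt = namedtuple(
    "Pkt", "frame src_mac vlan ip_src ip_dst ip_id ttl sport dport seq length")

HOST, RTR = "00:11:22:aa:aa:01", "00:11:22:ff:ff:fe"
SRC, DST = "10.10.10.23", "10.10.10.5"
SAMPLE = [
    Pkt(1, HOST, 20, SRC, DST, 4001, 128, 49152, 1433, 1000, 512),
    Pkt(2, RTR, 10, SRC, DST, 4001, 127, 49152, 1433, 1000, 512),  # routed copy of 1
    Pkt(3, HOST, 20, SRC, DST, 4002, 128, 49152, 1433, 1512, 512),
    Pkt(4, RTR, 10, SRC, DST, 4002, 127, 49152, 1433, 1512, 512),  # routed copy of 3
    # Genuine retransmission of seq 1512: same seq, but a new IP ID and full TTL.
    Pkt(5, HOST, 20, SRC, DST, 4003, 128, 49152, 1433, 1512, 512),
    Pkt(6, RTR, 10, SRC, DST, 4003, 127, 49152, 1433, 1512, 512),  # routed copy of 5
]


def flow_key(p):
    """Fields that stay identical when a router forwards the packet."""
    return (p.ip_src, p.ip_dst, p.ip_id, p.sport, p.dport, p.seq, p.length)


def find_routed_duplicates(packets):
    """Return (original_frame, duplicate_frame) pairs seen on a mirror port."""
    first_seen, pairs = {}, []
    for p in packets:
        orig = first_seen.get(flow_key(p))
        # Egress copy: one hop later (TTL-1) and re-framed with another MAC.
        if orig and orig.ttl - p.ttl == 1 and orig.src_mac != p.src_mac:
            pairs.append((orig.frame, p.frame))
        else:
            first_seen.setdefault(flow_key(p), p)
    return pairs


def drop_routed_duplicates(packets):
    """Keep only the first (ingress) copy of each routed packet."""
    dups = {dup for _, dup in find_routed_duplicates(packets)}
    return [p for p in packets if p.frame not in dups]


if __name__ == "__main__":
    print(find_routed_duplicates(SAMPLE))
    print([p.frame for p in drop_routed_duplicates(SAMPLE)])
```

Frame 5 survives the filter because it is a real retransmission, which is what TCP analysis should still report once the mirror-port copies are gone.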