tags:

views:

39

answers:

1
Q: 

Why packets injected with libpcap are duplicated?

I'm using sharppcap in order to send packets as part of a monitoring system. Usually it works well but I've encountered the strangest bug on a hosted vista machine and I would like your help.

On that virtual vista machine, injected packets are duplicated. That is, if I send a ping request using libpcap, it somehow gets duplicated and I get two requests on the destination machine. The two requests are almost identical byte-wise, and the only difference between them is that the second packet's TTL field is one minus the original packet's value.

Using wireshark I can see the packet gets duplicated before it (and its clone) leave the vista machine. The problem is manifested even when using other tools for injecting packets using libpcap (namely PlayCap).

Any ideas?

+1  A: 

The TTL field being one lower on the clone packet indicates that it has gone through one more routing hop than the other packet. This seems to indicate that the packet has gone through the Vista machine's input packet queue (and is routed back out) as well as directly to its output queue.

caf  2010-05-14 03:26:09
anything I can do to test this theory? overcome this problem?
r0u1i  2010-05-16 06:30:14

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?