My Peek duplicates packets ... easy to provoke

Posted: Fri Oct 28, 2011 5:08 am
by Tom Doe

When I run 2 simultaneous captures, Peek duplicates packets. I'm not sure whether the problem is my PC or OmniPeek.

Can anybody try to verify this?

- Disconnect network cable ... to ensure simultaneous start
- Start Capture 1 with 20MB buffer, continuous capture
- Start Capture 2 with 100MB buffer, continuous capture
... now both captures are waiting and show 'Packets received' = 0
- Connect network cable and wait till the 20MB buffer has first overrun
- Disconnect network cable

By then both captures should show the same count for 'Packets received'. But in my case Capture 2 shows one more packet.
When looking through the packets I can see one packet in the trace which is equal to the previous one. It even has the same timestamp.
To localize the packet you just have to take the last packet-number of the 100MB-capture and subtract the first packet number of the 20mb-trace.
You get the packet-number which is duplicated in the 100MB trace.

I tried different versions of Peek, all the same. When I run Wireshark at the same time it shows me the correct number of packets, no duplicated packets at all.