 | 1 | initial version |
Expanding on the "Linux cooked capture" tree in the packet details will reveal a Packet Type field.
Right-mouse clicking on the "Packet Type" item and selecting "Add as Column" should make it obvious as to why we see duplicates in the sense of this particular capturing mechanism. In this capture we will see text "Sent by us", "Unicast to us" and "Broadcast" in this new column. You can create a display filters for these values and then generate a subset captures using File -> Export Specified Packets dialog.
In this case the useful display filters are "sll.pkttype == 0" for "Unicast to us", "sll.pkttype == 4" for "Sent by us" and (less useful) "sll.pkttype == 1" for "Broadcast".
If you enable Frame level option "Generate an MD5 hash of each frame", the only frame level duplicates to be found in this capture would be the three "Packet Type = Broadcast" ARP packets. You can also add the MD5 hash field as a column to play with as well.
