 | 1 | initial version |
My guess would be that thet duplicate packets are an artefact of capturing on the host machine itself. When you see two SYN packets in your trace, do you also see two SYN/ACK packets coming back? If not, there was actually only one SYN packet leaving your system.
It is recommended to make traces on a separate machine running Wireshark. Either connected to a TAP or a SPAN port, that way, you can be sure of what is actually put on the network without having to guess how the vNic driver, hypervisor kernel, nic offloading features etc are creating all sorts of strange capture effects.
Have a look at the Wireshark WiKi page on how to capture for more information.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
