everything appears twice

asked 2018-12-20 11:33:59 +0000

richb201 gravatar image

I have a browser app sending a POST to my server and I am running Wireshark on it. I seem to be getting doubles. In the attached screenshot, there are two change ciphers, two POSTs, two ACKs, 2 OK's. Is this a problem with Wireshark or a protocol issue? If not, why would this be happening? Each packet appears identical.

Another question: Why can't I post a link to an image to show you guys what i am talking about? Ctrl-v doesn't seem to work. I tried uploading the image and was told I need 60 points to do that.

edit retag flag offensive close merge delete


You can upload the image (even better the capture itself) to a file sharing site, e.g. Google Drive, DropBox and post a link to it by editing your question.

We have these restrictions because of spammers.

grahamb gravatar imagegrahamb ( 2018-12-20 11:38:46 +0000 )edit

Graham, I could try to upload the capture. But I am a little concerned that it will show my sites actual IP and thus open my site to nasty stuff. If I upload an image, I can erase my IP address. Also, I did upload my image to photoBucket and then tried to ctrl-v the link to it in my post, but it would not work.

richb201 gravatar imagerichb201 ( 2018-12-20 12:45:13 +0000 )edit

To anonymize a capture see TraceWrangler.

grahamb gravatar imagegrahamb ( 2018-12-20 13:13:33 +0000 )edit

I loaded up TraceWrangler but honestly don't know how to use it. Before I kill myself trying to get that going I am hoping that someone could comment on my problem and confirm my thought that it is NOT a Wireshark issue. I am sending an XOR buffer from my client browser to my server. I am running Wireshark on the client. As I explained already, I am seeing two of the exact same buffer going out from the client to the server. But when I look at the Chrome Debugger Network tab, I am only seeing one copy of the buffer. But in Wireshark I see two of them. And I also see the server responding back with two Acks. What I don't get is the discrepency between the Chrome Debugger and Wireshark.

richb201 gravatar imagerichb201 ( 2018-12-20 18:28:39 +0000 )edit

It's likely to be something in your capture setup as Wireshark won't just "invent" packets. Can you describe your capture setup and how you start the capture in Wireshark?

grahamb gravatar imagegrahamb ( 2018-12-20 18:42:25 +0000 )edit