everything appears twice

asked 2018-12-20 11:33:59 +0000

richb201

I have a browser app sending a POST to my server and I am running Wireshark on it. I seem to be getting doubles. In the attached screenshot, there are two change ciphers, two POSTs, two ACKs, 2 OK's. Is this a problem with Wireshark or a protocol issue? If not, why would this be happening? Each packet appears identical.

Another question: Why can't I post a link to an image to show you guys what I am talking about? Ctrl-v doesn't seem to work. I tried uploading the image and was told I need 60 points to do that.


Comments

You can upload the image (even better the capture itself) to a file sharing site, e.g. Google Drive, DropBox and post a link to it by editing your question.

We have these restrictions because of spammers.

grahamb ( 2018-12-20 11:38:46 +0000 )

Graham, I could try to upload the capture. But I am a little concerned that it will show my site's actual IP and thus open my site to nasty stuff. If I upload an image, I can erase my IP address. Also, I did upload my image to photoBucket and then tried to ctrl-v the link to it in my post, but it would not work.

richb201 ( 2018-12-20 12:45:13 +0000 )

To anonymize a capture see TraceWrangler.

grahamb ( 2018-12-20 13:13:33 +0000 )

I loaded up TraceWrangler but honestly don't know how to use it. Before I kill myself trying to get that going I am hoping that someone could comment on my problem and confirm my thought that it is NOT a Wireshark issue. I am sending an XOR buffer from my client browser to my server. I am running Wireshark on the client. As I explained already, I am seeing two of the exact same buffer going out from the client to the server. But when I look at the Chrome Debugger Network tab, I am only seeing one copy of the buffer. But in Wireshark I see two of them. And I also see the server responding back with two Acks. What I don't get is the discrepancy between the Chrome Debugger and Wireshark.

richb201 ( 2018-12-20 18:28:39 +0000 )

It's likely to be something in your capture setup as Wireshark won't just "invent" packets. Can you describe your capture setup and how you start the capture in Wireshark?

grahamb ( 2018-12-20 18:42:25 +0000 )

It is not very sophisticated. I bring up Wireshark (on the client), press the fin in the upper left corner to start it. I then bring up my Chrome extension within the Chrome browser by Inspecting the popup. I then log in to my app (which seems to work fine). I then bring up the survey popup, fill in the data and press submit. This causes a send of a JSON buffer. It is this JSON buffer that appears twice to Wireshark (running on the client). It would seem that the client is sending it twice, but the Chrome debugger only shows it going out once. That is the problem; Wireshark sees it twice and the Chrome debugger network tab only sees it once.

richb201 ( 2018-12-20 19:34:04 +0000 )

Unfortunately I think the answer lies in the capture.

grahamb ( 2018-12-20 19:50:27 +0000 )

What do you mean by that? Are you saying that the capture is accurate and the Chrome debugger is not? That is fine, BTW, I just need to know where to look.

richb201 ( 2018-12-20 20:15:35 +0000 )

@richb201 Drop the image on a site like imgur.com, then paste the link to the image here. It's not that difficult.

Jaap ( 2018-12-20 23:30:06 +0000 )

Thanks Jaap. Here it is. As you can see, at some point everything appears twice, i.e. Client hello, the ack, server hello, etc. Even my HTTP POST appears twice. The issue is that when I look at the Chrome debugger, I only see one POST to Logger_survey, not two.

https://imgur.com/IH4bTZm

richb201 ( 2018-12-22 16:38:52 +0000 )

And here is a shot of the Chrome debugger showing that it is only being sent once! https://imgur.com/0SsBYJO

richb201 ( 2018-12-22 17:15:05 +0000 )

As is usual, solving issues via screenshot is difficult and frustrating because it's the info in the capture that we can't see that's important. I'd like to see the packet details for frames 26 & 27.

You can see that the two SYNs for those frames are sent from different ports, 49814 & 49815 respectively, which implies that 2 connections are being made.

grahamb ( 2018-12-22 18:28:22 +0000 )
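
The distinction drawn in the comment above (two SYNs from different source ports are two connections, not the same frame recorded twice) can be checked mechanically. This is an added example, not part of the original thread: the rows are constructed in the shape of comma-separated `tshark -T fields` output, and only frame numbers 26/27 and ports 49814/49815 come from the thread; the IP addresses, port 443, IP IDs and sequence numbers are assumptions.

```python
import csv
import io

# Column order assumed to match:
#   tshark -r <capture> -Y tcp -T fields -E separator=, -e frame.number -e ip.src
#     -e tcp.srcport -e ip.dst -e tcp.dstport -e tcp.flags -e ip.id -e tcp.seq
FIELDS = ["frame", "src", "sport", "dst", "dport", "flags", "ip_id", "seq"]

# Constructed rows (documentation IP ranges; port 443 is an assumption).
PARALLEL = """26,192.0.2.10,49814,198.51.100.20,443,0x0002,0x1a01,0
27,192.0.2.10,49815,198.51.100.20,443,0x0002,0x1a02,0
"""
CAPTURED_TWICE = """26,192.0.2.10,49814,198.51.100.20,443,0x0002,0x1a01,0
27,192.0.2.10,49814,198.51.100.20,443,0x0002,0x1a01,0
"""

def analyse(text):
    """Return (verdict, client SYN endpoints, duplicate frame pairs)."""
    syns, first_seen, dups = set(), {}, []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        flags = int(row["flags"], 16)
        conn = (row["src"], row["sport"], row["dst"], row["dport"])
        # SYN set, ACK clear: the client is opening a new connection.
        if flags & 0x02 and not flags & 0x10:
            syns.add(conn)
        # Heuristic: same connection, flags, sequence number and non-zero
        # IP ID means one packet was recorded twice by the capture setup.
        # IP ID 0 is skipped because it does not identify a packet.
        if int(row["ip_id"], 16) != 0:
            key = conn + (row["flags"], row["ip_id"], row["seq"])
            if key in first_seen:
                dups.append((first_seen[key], row["frame"]))
            else:
                first_seen[key] = row["frame"]
    if dups:
        verdict = "same packets captured twice"
    elif len(syns) > 1:
        verdict = "separate connections"
    else:
        verdict = "single connection"
    return verdict, sorted(syns), dups

if __name__ == "__main__":
    for name, sample in (("parallel", PARALLEL), ("captured twice", CAPTURED_TWICE)):
        print(name, "->", analyse(sample))
```
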

BTW, please stop posting comments as "Answers".

grahamb ( 2018-12-22 18:30:19 +0000 )