everything appears twice
I have a browser app sending a POST to my server and I am running Wireshark on it. I seem to be getting doubles. In the attached screenshot, there are two change ciphers, two POSTs, two ACKs, 2 OK's. Is this a problem with Wireshark or a protocol issue? If not, why would this be happening? Each packet appears identical.
Another question: Why can't I post a link to an image to show you guys what i am talking about? Ctrl-v doesn't seem to work. I tried uploading the image and was told I need 60 points to do that.
Comments
You can upload the image (even better the capture itself) to a file sharing site, e.g. Google Drive, DropBox and post a link to it by editing your question.
We have these restrictions because of spammers.
Graham, I could try to upload the capture. But I am a little concerned that it will show my sites actual IP and thus open my site to nasty stuff. If I upload an image, I can erase my IP address. Also, I did upload my image to photoBucket and then tried to ctrl-v the link to it in my post, but it would not work.
To anonymize a capture see TraceWrangler.
I loaded up TraceWrangler but honestly don't know how to use it. Before I kill myself trying to get that going I am hoping that someone could comment on my problem and confirm my thought that it is NOT a Wireshark issue. I am sending an XOR buffer from my client browser to my server. I am running Wireshark on the client. As I explained already, I am seeing two of the exact same buffer going out from the client to the server. But when I look at the Chrome Debugger Network tab, I am only seeing one copy of the buffer. But in Wireshark I see two of them. And I also see the server responding back with two Acks. What I don't get is the discrepency between the Chrome Debugger and Wireshark.
It's likely to be something in your capture setup as Wireshark won't just "invent" packets. Can you describe your capture setup and how you start the capture in Wireshark?