duplicating the send

Feb 10, 2011 at 8:39 PM

Hi everyone

im facing a (kind of) problem , every packet im sending is being sent twice (duplicated)

when i monitor the sending device with wireshark i see that every packet is sent twice , the device sends the first packet normally and immediately sends an exact copy of the packet with "tcp out-of-order" message

when i monitor the receiving device with wire shark it reads a normal traffic , that is , it reads there is only ONE packet and it doesnt see the copy (this is why i said its a "kind of" problem)

can anyone help ??

 

P.S. this is happening on some computers and not happening on others , might it be the wire is faulty ??

Coordinator
Feb 11, 2011 at 1:06 PM
Edited Feb 11, 2011 at 1:06 PM

Hi shmilqais,

 

Please add information about when this is happening - what computers, how are they connected and what devices.

It sounds like you sniff the same packet twice for some reason and not really send it twice.

Can you check if this happens for non-Pcap.Net packets the computer sends from this device (try pinging between the two computers for example).

 

Boaz.

Feb 18, 2011 at 6:08 PM

im using a laptop and a PC , they are directly connected with a standard UTP wire with RJ45 plugs

when i send anything from the laptop wireshark reads it as duplicated (it sees two instances of the same sent packet)

when i send from the PC the ame situation sometimes occures and sometime it doesnt

 

but the receiver always sees only the sent packet , which means its not a problem , but still i wanna know why its happening , this is the case with TCP and IP packets

but the HTTP packets gives a (TCP out of order) notation on the second (duplicated) packet , but in the receive side it reads only one packet

 

P.S. the time between the sending of the original packet and the duplicate is almost (0.0000001) in the second , and its not getting any response before resending the duplicate packet

Feb 18, 2011 at 6:10 PM

oh i forgot to say that i changed the wire and the problem is the same , so its not the wire

Coordinator
Feb 19, 2011 at 7:57 AM

I believe this is just a WinPcap sniffing issue.

Your device might sniff the packet that it sends in addition to get it when it's sent.

This would probably not happen on a standard network with a switch or a router in the middle.

 

If you want more information on this harmless issue, I would suggest asking that question with the full details in WinPcap forums.

 

Boaz.

Nov 6, 2014 at 1:14 PM
Edited Nov 6, 2014 at 1:15 PM
I faced the same problem, but the receiver receive two of those copies. The code of packet sending is below, does anybody know what to do?
using (PacketCommunicator communicator = options.Device.Open(65535, PacketDeviceOpenAttributes.Promiscuous, 1000))
            {
                using (PacketSendBuffer buffer = new PacketSendBuffer(65535))
                {
                    for (ushort port = (ushort)options.StartPort; port <= options.EndPort; port++)
                    {
                        buffer.Enqueue(this.CreateTcpSynPacket(options, port));
                    }
                    communicator.Transmit(buffer, true);
                }
            }
When I did it with the SendPacket the problem was equal.
Coordinator
Nov 7, 2014 at 5:23 AM
Hi svinopapka,

Did you try using PacketDeviceOpenAttributes.NoCaptureLocal?

Boaz.
Nov 7, 2014 at 12:37 PM
Brickner wrote:
Hi svinopapka,

Did you try using PacketDeviceOpenAttributes.NoCaptureLocal?

Boaz.
The code of a whole application is here: https://github.com/KostiaGontarev/SynPortScanner

I write a syn port scanner, there is one thread, that send packets and the code of it's method I sent in a message before, and there is a thread that receive tcp packets with concrete source and destination ip.
I tested it in my home network with 2 laptops. There is wireshark on both of them. I am sure that my application send 1 or more equal packets, the wireshark on the otherside says so, and of course the otherside sends syn ack for all of them - that is the reason why my application prints message about concrete port from 1 to 3 times.
I really don't know what to do, cause it seems to be all correct. Maybe If you look my code, you'will tell me more about the problem.
Coordinator
Nov 8, 2014 at 7:08 AM
Hi,

Did you try the following?
PacketCommunicator communicator = options.Device.Open(65535, PacketDeviceOpenAttributes.Promiscuous | PacketDeviceOpenAttributes.NoCaptureLocal, 1000)
Nov 8, 2014 at 7:40 AM
Yes, I've tried. It have not worked. Now, I think about the communicators in my application - there are 2 of them, one for receiving, one for sending and they are open on the same device. Maybe in someway, they do the same sending work? If the problem in them, I don't sure, that I can use one communicator in different threads to get all speed of syn scan. Howherer, I'll try to do it with one communicator tonight.
Nov 8, 2014 at 10:45 PM
Edited Nov 9, 2014 at 12:05 AM
I have tried. As I expected, I failed in using 1 communicator in 2 threads. Have you any other idea?
I've made some tests, the problem is actual only for my tcp packets, an arp has gone well. Maybe something is really bad in a tcp packet generation? I have doubts about identification and sequence number field, but as I've understood there is no need in control them in syn scan. Take a look, please:
private const ushort WindowSize = 8192;
 private Packet CreateTcpSynPacket(ScanningOptions options, ushort targetPort)
        {
            EthernetLayer ethernetLayer = new EthernetLayer
            {
                Source = options.SourceMac,
                Destination = options.TargetMac,
            };
            IpV4Layer ipV4Layer = new IpV4Layer
            {
                Source = options.SourceIP,
                CurrentDestination = options.TargetIP,
                Ttl = 128,
                Fragmentation = new IpV4Fragmentation(IpV4FragmentationOptions.DoNotFragment, 0),
            };
            TcpLayer tcpLayer = new TcpLayer
            {
                SourcePort = sourcePort,
                DestinationPort = targetPort,
                ControlBits = TcpControlBits.Synchronize,
                Window = WindowSize,
            };
            return PacketBuilder.Build(DateTime.Now, ethernetLayer, ipV4Layer, tcpLayer);
        }
        private Packet CreateTcpRstPacket(ScanningOptions options, ushort targetPort)
        {
            EthernetLayer ethernetLayer = new EthernetLayer
            {
                Source = options.SourceMac,
                Destination = options.TargetMac,
            };
            IpV4Layer ipV4Layer = new IpV4Layer
            {
                Source = options.SourceIP,
                CurrentDestination = options.TargetIP,
                Ttl = 128,
                Fragmentation = new IpV4Fragmentation(IpV4FragmentationOptions.DoNotFragment, 0),
                Identification = (ushort)new Random().Next()
            };
            TcpLayer tcpLayer = new TcpLayer
            {
                SourcePort = sourcePort,
                DestinationPort = targetPort,
                SequenceNumber = (uint)new Random().Next(),
                ControlBits = TcpControlBits.Reset,
                Window = WindowSize,
            };
            return PacketBuilder.Build(DateTime.Now, ethernetLayer, ipV4Layer, tcpLayer);
        }
Coordinator
Nov 14, 2014 at 8:41 AM
Hi svinopapka,

The problem is that the TCP packets are sent twice, right?
How do you know they are actually being sent twice?
Can you provide an example pcap file and details on how you capture it?

Boaz.