Using Wireshark's editcap to Remove Duplicate Packets (by Tony Fortunato)
June 24, 2011
Every so often you get a trace file with duplicate packets. I once saw a determined analyst mark every second packet and save the marked packets... WOW, that was painful to hear.
Well, in this video I show you how to remove duplicate packets using Wireshark's editcap utility. The only thing I forgot to mention in the video is that I added the Program Files\Wireshark folder to my path. So if you don't have Wireshark in your path, you need to copy the trace file you want to work on to your Wireshark folder.
Enjoy
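An added example, not taken from the video or the original post: calling editcap by its full path avoids both the PATH change and copying the trace into the Wireshark folder. The install location and the trace file names are assumptions; adjust them to your system.

```powershell
# Added example. Assumes the default install folder; file names are placeholders.
$wireshark = Join-Path $env:ProgramFiles 'Wireshark'
$editcap   = Join-Path $wireshark 'editcap.exe'
$capinfos  = Join-Path $wireshark 'capinfos.exe'

$inFile  = 'C:\traces\capture.pcap'         # placeholder: trace with duplicates
$outFile = 'C:\traces\capture_dedup.pcap'   # placeholder: cleaned copy

# Fail early if the tools or the input trace are missing.
foreach ($path in $editcap, $capinfos, $inFile) {
    if (-not (Test-Path $path)) { throw "Not found: $path" }
}

# Never overwrite the original capture; keep it as the untouched record.
if (Test-Path $outFile) { throw "Refusing to overwrite: $outFile" }

# -d drops a packet when its length and MD5 hash match one of the
# previous four packets (equivalent to -D 5). Use -D <window> to
# compare against a different number of preceding packets.
& $editcap -d $inFile $outFile
if ($LASTEXITCODE -ne 0) { throw "editcap failed with exit code $LASTEXITCODE" }

# Print the packet count of both files to see how many duplicates were removed.
& $capinfos -c $inFile $outFile
```

Because the comparison is on packet length and hash, copies of a frame that differ in any byte (for example a changed TTL after routing) are not treated as duplicates.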