I'm writing and testing a script that digs into UDP network traffic and looks for certain data values in each packet. To do all this development while I'm at my desk--not connected to the physical network hardware, I'm playing a pcap using Colasoft Packet Player onto a virtual NIC (Microsoft KM-TEST Loopback Adapter) that I created so I can run the pcap over and over while I develop my utility.
When I look at the traffic in Wireshark, every packet is duplicated once. It's like the virtual NIC (or something) is sending the packet back.
When I open the pcap in Wireshark instead of capturing the playback from Colasoft, there are no duplicated packets. Also, when connected to that actual hardware that was connected to create the original pcap, there are no duplicates during live capture in Wireshark.
This seems like a setting on the virtual NIC, but I can't find anything that fixes my issue in the adapter settings.
I've also connected another computer to the physical NIC on my computer, and I have the same issue.
Should I try a different packet player?
I'm not familiar with Colasoft, but have a few ideas on pcap playback. Are the packets really identical? You may have the same content being sent to multiple destination addresses. How are you sampling the playback? Are you sampling at multiple points? Do you have network equipment involved in your test? Is this a test with physical equipment or is the whole test simulated?