Making SPAN port captures more useful

The SPAN feature on Cisco switches (and similar features from other vendors) is very useful for investigating network traffic. Its only drawback is that captures made using a SPAN port often contain duplicates of a relatively high number of packets.

This makes analysis of the captured network data more difficult: tools like Wireshark tend to get confused, and the highly advanced dissectors are rendered useless.

This tool eliminates the duplicate packets from the capture, allowing you to use tools like Wireshark without drawback. It does this by looking for identical L2 packets (header+data) transmitted within a 120 µs time frame. If this situation occurs, the second packet is discarded.
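
The duplicate rule described above, as an added example (not the tool's own source): it works on frames held in memory instead of reading a capture through libpcap. The names `struct frame`, `dedup` and `demo` are hypothetical, and two choices are assumptions the page does not settle: a frame is compared against every kept frame still inside the window, and a gap of exactly 120 µs counts as inside it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WINDOW_US 120u  /* duplicate window stated on the page */

/* One captured frame: capture time in microseconds plus the raw L2 bytes. */
struct frame { uint64_t ts_us; size_t len; const uint8_t *data; };

/* Copy in[0..n) to out[], skipping any frame that is byte-identical to a
 * frame already kept at most WINDOW_US earlier. Returns the number kept.
 * Assumes timestamps are non-decreasing, as in a single capture file. */
size_t dedup(const struct frame *in, size_t n, struct frame *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        int dup = 0;
        /* Walk backwards over kept frames until we leave the time window. */
        for (size_t j = kept; j-- > 0; ) {
            if (in[i].ts_us - out[j].ts_us > WINDOW_US) break;
            if (out[j].len == in[i].len && memcmp(out[j].data, in[i].data, in[i].len) == 0) {
                dup = 1;
                break;
            }
        }
        if (!dup) out[kept++] = in[i];
    }
    return kept;
}

/* Constructed sample frames (not real traffic): two distinct 15-byte frames. */
static const uint8_t A[] = {0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,1, 0x08,0x06, 0x01};
static const uint8_t B[] = {0xff,0xff,0xff,0xff,0xff,0xff, 2,0,0,0,0,2, 0x08,0x06, 0x01};

/* A, B, then SPAN copies of both 40 us later, then A again 5 ms later. */
size_t demo(struct frame *out)
{
    const struct frame in[] = {
        {1000, sizeof A, A}, {1010, sizeof B, B}, {1040, sizeof A, A},
        {1050, sizeof B, B}, {6040, sizeof A, A},
    };
    return dedup(in, sizeof in / sizeof in[0], out);
}

int main(void)
{
    struct frame out[5];
    printf("kept %zu of 5 frames\n", demo(out));
    return 0;
}
```

The interleaved frame B between the two copies of A shows why comparing only against the immediately preceding frame would miss duplicates; the last A is kept because it falls far outside the window.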


Download here

To compile, you need the pcap development package installed on your system. It has only been tested on Linux.


