Ethereal-users: RE: [Ethereal-users] Traffic not expected on a switch port

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "R. Benjamin Kessler" <bk-lists@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 3 Nov 2003 09:25:58 -0500
There are a couple of reasons a switch will "flood" TCP traffic out -
generally they're not good...

1 - Someone is running dsniff - probably not likely since you’re not seeing
all other traffic on the switch; you'd probably notice the slowdown in
traffic as well.

2 - Unknown MAC address and thus the switch is "flooding" the traffic - also
unlikely since there is an established TCP session, the steps required to
establish the session generally get the MAC address placed into the switch's
bridging table.  I've seen UDP traffic exhibit this behavior - e.g. a SYSLOG
server that is just receiving traffic all day but not sending anything back.

3 - Too many entries in the MAC table - again, like #1 but not because of
malicious intent; I've seen "really old" switches have this problem on
large, flat networks that have more devices than could be supported by the
small MAC table.

4 - Bug in software/hardware on the switch - generally more difficult to
track down and fix.

~~~~~~~~~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email:  ben@xxxxxxxxxxxxxxxxxxxxx
http://www.kesslerconsulting.com
Phone: 260-625-3273
 

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of BUYCK Jacky
FTRD/DMI/CAE
Sent: Monday, November 03, 2003 3:24 AM
To: gilberto.lima@xxxxxxxxxxxxx; ethereal-users@xxxxxxxxxxxx
Subject: RE: [Ethereal-users] Traffic not expected on a switch port

Hi all.
   I've encountered the same kind of problem with a Nortel switch and we weren't
able to explain it for the moment.
   Nortel has admitted a problem in an old version of the software of the BPS
2000, but this is the only thing we have.

-----Original Message-----
From: gilberto.lima@xxxxxxxxxxxxx [mailto:gilberto.lima@xxxxxxxxxxxxx]
Sent: Friday, 31 October 2003 14:18
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] Traffic not expected on a switch port


Hi, could somebody give me a hand?

My machine is on a switch (3COM 3300) port and when I run Ethereal (on
Windows 2000) I see traffic between 2 Oracle Servers (TNS packets).
Those TNS packets have destination and source well specified; it's not a
broadcast.
I know I shouldn't be able to see that traffic; I should only see
broadcast, multicast and traffic intended for my machine.

Thanks,

Gilberto.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
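
Added example, not part of the original thread: a toy Python model of a learning switch that reproduces reasons 2 and 3 from the reply above (a receiver that never transmits, and a MAC table smaller than the number of active stations). The class, host names, port numbers and the drop-oldest-entry policy for a full table are assumptions of this sketch; real switches age entries on a timer and differ in how they handle a full table.

```python
from collections import OrderedDict

class LearningSwitch:
    """Toy transparent bridge with a bounded MAC table (constructed model)."""

    def __init__(self, ports, table_size):
        self.ports = list(ports)
        self.table_size = table_size
        self.table = OrderedDict()  # MAC -> port, oldest entry first

    def forward(self, in_port, src, dst):
        """Learn src on in_port and return the ports the frame is sent out of."""
        self.table.pop(src, None)           # refresh: move src to the newest slot
        self.table[src] = in_port
        if len(self.table) > self.table_size:
            self.table.popitem(last=False)  # assumed policy: drop the oldest entry
        out = self.table.get(dst)
        if out is None:                     # unknown unicast: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

CAPTURE_PORT = 3  # port of the machine running the sniffer (constructed)

def syslog_leak(frames):
    """Reason 2: the receiver never transmits, so its MAC is never learned."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=8)
    return sum(CAPTURE_PORT in sw.forward(1, "sender", "syslog")
               for _ in range(frames))

def session_leak(table_size, other_hosts, rounds=10):
    """Reason 3: count two-way session frames that reach the capture port."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], table_size=table_size)
    leaked = 0
    for _ in range(rounds):
        leaked += CAPTURE_PORT in sw.forward(1, "srvA", "srvB")
        leaked += CAPTURE_PORT in sw.forward(2, "srvB", "srvA")
        for h in range(other_hosts):        # other stations behind uplink port 4
            sw.forward(4, f"host{h}", "srvA")
    return leaked

if __name__ == "__main__":
    print("silent receiver:", syslog_leak(5), "of 5 frames flooded")
    # The single leak here is the very first frame; the model has no ARP exchange.
    print("table fits:", session_leak(8, 3), "of 20 frames flooded")
    print("table too small:", session_leak(4, 6), "of 20 frames flooded")
```

With a table that holds every station, only the first frame of the two-way session is flooded; with a table smaller than the station count, the servers' entries keep getting pushed out and the capture port sees session frames in every round.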
