Wireshark · Wireshark-users: [Wireshark-users] unicast traffic in promiscuous interface capture

Wireshark-users: [Wireshark-users] unicast traffic in promiscuous interface capture

From: "Alex Nedelcu" <alexpheno@xxxxxxxxx>

Date: Thu, 31 Jan 2008 14:16:28 +0200

Hello,

Ia have the following setup:

A host is capturing all traffic off its ethernet interface in
promiscuous mode, with a capture filter which excludes locally
generated or destined traffic, practically it removes all traffic that
the host makes.
Taking into consideration that host A is on a switched network i
expected to see only broadcast and mutlicast traffic on the wire. The
surprise came when i noticed that around 0.8% of the traffic was TCP,
originated and destined from different ip and mac addresses from the
host that was making the capture.

Is this capture normal for a switched network or not?
Could this be unknown unicast traffic flooded my port?

Follow-Ups:
- Re: [Wireshark-users] unicast traffic in promiscuous interface capture
  - From: Jaap Keuter
- Re: [Wireshark-users] unicast traffic in promiscuous interface capture
  - From: Marc Luethi

Prev by Date: Re: [Wireshark-users] Hiding interfaces
Next by Date: Re: [Wireshark-users] unicast traffic in promiscuous interface capture
Previous by thread: Re: [Wireshark-users] how can i open the package of iris saved
Next by thread: Re: [Wireshark-users] unicast traffic in promiscuous interface capture
Index(es):
- Date
- Thread