Tcp and snmp communication

Unanswered Question
Feb 3rd, 2009

Hello all;

I'm find an explanation of one issue face in our network. We have a part of our network which is not segmented.We install a sniffer server without configuring span, this sniffer server was connected to the cisco switch.

We discover that this sniffer is able to see tcp &snmp traffic between PRTG server and remote equipment monitored via snmp.

I'm confused, because i do not know why a unicast traffic can be received by sniffer. Please, can you know the different reason of this behavoir and how to avoid it ?

Thank you & Best regards.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Paolo Bevilacqua Tue, 02/03/2009 - 04:45

Hi, something is not correct with the switch, and you should examine carefully its configuration.

Paolo Bevilacqua Tue, 02/03/2009 - 05:18


%C4K_EBM-4-HOSTFLAPPING: Host 00:13:C3:9A:A8:00 in vlan 1 is f

lapping between port Gi1/32 and port Gi1/37

You probably have a topology loop that causes the switch to flood unknown MAC to all ports.

Paolo Bevilacqua Tue, 02/03/2009 - 05:39

I do not understand the low rating give to my post above.

The switch is telling you clearly that you have at least one flapping MAC, so you should investigate that.

Please refrain to use the rating system if you can't make a good use of it.

stephtchoko Tue, 02/03/2009 - 06:18

I put the low rate because, event when the switch forward the traffic to mac address HSRP the snffer is receiving it. I can not confirm that is coming the loop.You mention what is the root cause. We are still verifying.

Thank you for your comprehension.


stephtchoko Thu, 02/05/2009 - 00:59

Hello bevilacqua,

Other than HSRP, can we have another explanation of lack of the unicast flooding ? Do you want to see the wireshark output ?




This Discussion