Cisco Support Community
Community Member

tcpdump on a 3750 port shows foreign tcp flows


on basically every 3750 stack in our network, if i tcpdump on any port, i will generally see tcp flows where neither the source nor destination is related to the machine upon which i'm tcpdump'ing.

we generally use stacks of WS-C3750G-48TS, WS-C3750G-48PS... running Advanced IP services, 12.2(37)SE. but i have the feeling i've seen this behaviour on other IOSs as well.

bizarrely i generally see only 1 foreign flow at a time... i.e. it's not like all traffic is instantly broadcast on all ports. i've also checked particular flows and found that there are active entries in the arp and mac tables, indicating that the switch knows exactly where the flow is supposed to go... but is somehow copying the flow to all other ports just for fun.

this behaviour has occurred on systems without span config.

anyone have any ideas? has anyone seen anything similar?
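
One way to quantify the symptom described in the post above, as an added example that is not part of the original post: it parses saved `tcpdump -nn` text output and counts TCP packets per flow where neither endpoint is the capturing host. The local address `10.1.1.20`, the function name and the capture lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Matches IPv4 TCP lines as printed by `tcpdump -nn` (addresses and ports numeric).
TCP_LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \["
)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def foreign_tcp_flows(lines, local_ips):
    """Count packets per directional TCP flow where neither end is this host."""
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    flows = Counter()
    for line in lines:
        m = TCP_LINE.search(line)
        if not m:
            continue  # ARP, UDP, IPv6 or otherwise unparsed line
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        if src in local or dst in local:
            continue  # traffic that belongs to the capturing host
        if dst.is_multicast or dst == LIMITED_BROADCAST:
            continue  # destinations every port is expected to receive
        flows[(str(src), int(m.group(2)), str(dst), int(m.group(4)))] += 1
    return flows


# Constructed sample capture text (not taken from the post).
SAMPLE = """\
12:00:01.000101 IP 10.1.1.20.40022 > 10.1.5.5.22: Flags [P.], seq 1:37, ack 1, win 229, length 36
12:00:01.000950 IP 10.1.5.5.22 > 10.1.1.20.40022: Flags [.], ack 37, win 501, length 0
12:00:01.104000 ARP, Request who-has 10.1.1.1 tell 10.1.1.77, length 46
12:00:01.200300 IP 10.1.3.40.51512 > 10.1.9.8.443: Flags [P.], seq 1:518, ack 1, win 229, length 517
12:00:01.200900 IP 10.1.3.40.51512 > 10.1.9.8.443: Flags [.], ack 1449, win 251, length 0
12:00:01.300000 IP 10.1.1.7.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (32)
12:00:01.450700 IP 10.1.3.40.51512 > 10.1.9.8.443: Flags [P.], seq 518:644, ack 1449, win 251, length 126
""".splitlines()

if __name__ == "__main__":
    found = foreign_tcp_flows(SAMPLE, ["10.1.1.20"])
    for (src, sport, dst, dport), count in found.most_common():
        print(f"{src}:{sport} -> {dst}:{dport}  {count} packets")
```

Counting per direction shows whether both halves of a foreign flow reach the port or only one, which can then be compared against the switch's mac table entry for that destination.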
