Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sniffing switch traffic

I have a 3524 switch with the default management VLAN1 configured on it. All switch ports belong to VLAN1. When sniffing traffic in promiscuous mode on my laptop, I can see unicast traffic destined for PCs and servers other than my laptop. Because all switch ports belong to the same VLAN, my switch is in effect a repeater since it is flooding all packets out all interfaces. When I called the TAC about this, I was told that the only way to cure this is to assign each switch port to its own VLAN. Does anyone have to do this? It seems a bit counter-intuitive since the purpose of a switch in the first place is to be a "smarter" device than a hub and only forward traffic out the necessary ports to save on network efficiency and bandwidth. Any thoughts?


Re: sniffing switch traffic


a switch should definitely NOT behave this way.

The only reasons to flood unicast traffic are

1) unknown destination MAC address,

2) lack of memory for MAC forwarding table,

3) obsolete network port command forgotten in your config.

So I'd

1) check if the sniffed traffic destined to other PCs are really unicasts

2) if yes, I'd reload the switch and check the free memory and number of entries in the forwarding table

3) which IOS version are you running? Maybe upgrade to the latest version would help.



CreatePlease login to create content