Re: Traffic I shouldn't see in a Sniffer trace????

A11055 · ‎08-07-2003

No matter where I plug into, I see one-to-one traffic (host-to-host) not broadcasts. It seems like there is a switch or router broadcasting this traffic. Please point me in a better direction I can’t come up with any other ideas.

brocknathan · ‎08-07-2003

Who are the hosts on the network that are implementing this one-to-one traffic?

A11055 · ‎08-08-2003

real world address -> workstation

The traffic is oneway. I don't see the workstation talking back

milan.kulik · ‎08-07-2003

Hi,

check MAC addresses in the frames. Aren't they multicasts or somehow strange? Maybe the hosts are using some special application to communicate (Symantec Ghost, PGP, e.g.)?

Regards,

Milan

A11055 · ‎08-08-2003

The MAC's are not multicast or broadcasts. How would an application produce this traffic?

ahojmark · ‎08-08-2003

It could be unicast flooding. There are several possible reasons for this, so search Cisco.com for the term.

-A

rjackson · ‎08-08-2003

What type of device are you plugging into?

A11055 · ‎08-08-2003

2950

rpgccie · ‎08-11-2003

Which Sniffer software are you using ?

If you are using the Microsoft's Free Network Monitor.. it can only monitor one - one traffic..

just like a switch based network.. but if you sniff with the full version you will get the full prmoiscious capability..

A11055 · ‎08-20-2003

NAI - SNIFFER PRO

RTP29xx · ‎08-25-2003

I encountered the same Problem. I've got sniffer pro too, and with a c3550G-48 12.1(11)EA1, I had the same pbm. I moved to IOS 12.1(12c)EA1 And I have no longer unicast frames. It was not flooding because there was only a few unicast frames arriving on my port