after capturing pakets in our network i have found a mac address starting with 45-00-xx-xx-xx-xx. The network type of the network is ethernet, the frame type is Ethertype and the protocol type is unknown. The protocol type number is 4000. Does anybody know what it is?!? Mybe it is Token RIng or so?
I have found up to twelve mac adresses of this type in our network.
The mac address of the source could be 00:5b:6b, made by ELTEC ELEKTRONIK AG, and 00:51:24, made by HOB ELECTRONIC GMBH & CO. KG. Do a search (show cam) for those macs and see if that helps.
Or if I am wrong about the mac/sniffer, do a search for 45:00... and 02:b0...
-The packets are SMB (Server Message Block, a protocol for sharing files, printers, serial ports, named pipes and mail slots between computers) as per the "FF 53 4D 42". Microsoft relies on this heavily.
I´m using the sniffer observer. Do you know it?! I don´t think that the sniffer is the problem because in the log buffer of our main switch ( a Cat 4006) i get the following error messages: %SYS-4-P2_WARN: 1/Invalid traffic from multicast source address 45:00:00:xx:xx:xx on port x ".
I´ve tried to find the mac addresses of ELTEC and HOB in the cam table of the switch. But i find no mac.
The "Invalid traffic from multicast source address" syslog message is generated when the switch receives packets with a multicast MAC address as the source MAC. Using a broadcast or multicast MAC address as the source MAC for a frame is not standards-compliant behavior. However, the switch still forwards traffic sourced from a multicast MAC address.
The syslog message indicates the multicast MAC address in the source MAC field of the frame, and the port on which the traffic was received.
The workaround is to try to identify the end station that is generating frames with a multicast source MAC address. Typically, such frames are transmitted from a traffic generator (for example, SmartBits) or third party devices that share a multicast MAC address (for example, load balancing firewall or server products).
You know the switch port number and that it is a SMB packet, so it most likely is a server product, for example like Ghost.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...