yes.. i've put the sniffer on all the free ports.. I see the same traffic I shouldn't... but what's really got me is that I see only the IP phone traffic... no other workstations or IP devices ( printers, etc ), just the IP phone stuff.... i'm just wondering if there is something in the IP phone frames that is confusing the switch into thinking that it's broadcast or multicast data....
-----Original Message-----
From: Cluff, Jared B [mailto:jared.b.cluff@xxxxxx]
Sent: Thursday, August 29, 2002 2:47 PM
To: Shawn Schiebrel; Cluff, Jared B
Subject: RE: IP phones and 3Com 3300 switch
True, you shouldn't see any traffic other than that which is directly
passing through your port. Have you tried sniffing any other ports on the
switch to make sure you arent connected to a port that has extra traffic
being forwared to it from the other ports. If all of your ports are showing
then, it would sound to me like your switch is maybe not acting like a
switch at all but more like hub, and that's not good.
-----Original Message-----
From: Shawn Schiebrel [mailto:SSchiebrel@xxxxxxxxxx]
Sent: Thursday, August 29, 2002 1:30 PM
To: Cluff, Jared B
Subject: RE: IP phones and 3Com 3300 switch
yeah.. I did install the sms version and got the same results as
ethereal... still strange.. I shouldn't be seeing that traffic...
-----Original Message-----
From: Cluff, Jared B [mailto:jared.b.cluff@xxxxxx]
Sent: Thursday, August 29, 2002 1:54 PM
To: Shawn Schiebrel
Cc: 'Ethereal-Users@xxxxxxxxxxxx'
Subject: Re: IP phones and 3Com 3300 switch
I don't believe that network monitor in the win2k pro/server listens in
permiscious mode, where as ethereal does. The Network Monitor client
installed through MS SMS 1.2/2.0 however does listen in permiscious mode.
This is mostlikely your problem. Also, switches by nature will not allow
you to sniff any traffic but what is on each specific port, so you usually
have to replicate the desired ports traffic to your sniffers port, but from
what I have gathered below, that isnt the case since ethereal seems to work
fine.
Vapor
----------------------------------------------
this is a very strange occurance.
I have 15 IP phones in my IT shop.. and all are connected via a 3com = 3300
switch matrix ( 4 actual switches matrixed together ) workstations (
including mine ) are also connected to the same switch = matrix=20
when I use ethereal from my workstation, I can see the IP phones talk to =
the IP cards in the phone system... not a broadcast or multicast, but a =
real IP address talking to another real IP address... say 10.10.2.25 =
talking to 10.10.3.65. =20
No broadcast addresses at all involved. ( of course.. I see broadcasts = as
well with ethereal )
But if I fire up Network Monitor in win2k.. I don't see that traffic at =
all.. just the broadcasts and a few multicasts.. ( Like I am supposed to =
)
just wondering if anyone has ever seen anything like this.... is there =
anything that ethereal would do to put the switch port in a mode that =
would see the traffic?
Shawn Schiebrel , Systems Engineer
American Health Holding Inc.
614-818-3222 x1111
Jared Cluff
EDN Team - XO
615-777-1511 - Desk
