Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-users: RE: [Ethereal-users] Other Connections found in a trace

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Fri, 8 Jul 2005 13:25:23 +1000
Even on a server port you might occasionally see unicast packets that
you are not the correct destination port for. This would occur if the
switch you are connected to receives a unicast packet for that
destination address, but it has not seen that destination before (or for
a long time). The switch will flood all unicast packets with an unknown
destination to all ports. Of course, when the switch does see the
response from this device, it will then learn the address, map it to the
correct port, and it will no longer need to flood the packet. 

(As most hosts broadcast or multicast something when they first come up,
usually all switches will learn the correct outbound port for that host
right from the beginning. The above scenario usually only occurs, if
there is very little activity from the host or if switches in the
network have been rebooted and hence need to relearn a valid MAC address
forwarding table)


  

Martin Visser, CISSP
Network and Security Consultant 
Consulting & Integration
Technology Solutions Group - HP Services

410 Concord Road
Rhodes NSW  2138
Australia 

Mobile: +61-411-254-513
Fax: +61-2-9022-1800     
E-mail: martin.visser@xxxxxxxx

This email (including any attachments) is intended only for the use of
the individual or entity named above and may contain information that is
confidential, proprietary or privileged. If you are not the intended
recipient, please notify HP immediately by return email and then delete
the email, destroy any printed copy and do not disclose or use the
information in it.


-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Guy Harris
Sent: Friday, 8 July 2005 5:00 AM
To: Ethereal user support
Subject: Re: [Ethereal-users] Other Connections found in a trace

Gruchevsky, Steven A wrote:

> I have Ethereal loaded on several of my servers.  I would expect to 
> see packets only sourced or destined to the server in which I am
capturing.
> Actually, I am seeing packets for other source destination pairs.  Why

> would this occur?  My servers are attached to switches.

Are the destinations unicast, or are they broadcast or multicast?

If they're unicast, that's a surprise, as I'd expect the switch not to
forward to the port for one of your servers packets not sent to a MAC
address for the server's adapter plugged into that switch.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube