> And, I assume, at the Ethernet level they're *not* identical, presumably by having different source and/or destination MAC addresses.
That what was I tried to imply :)
>
> By having a machine with multiple network interfaces on the same LAN segment and having its ARP implementation spit out different MAC addresses to different clients as a form of load balancing? :-)
Sounds like fun! But when I try to configure my machine with multiple
network interfaces with the same static IP address I presume it starts
nagging?
>
> Or by having the switch do other weird stuff internally? What's the switch set up to do that causes it to duplicate the packets? What is it doing to the MAC addresses?
The only thing I know for sure is that it is a Windows Cluster Server
which is being spanned to the monitoring port. I'll try to figure out
more about this.
But what I can see in Wireshark for a filtered stream is that the Mac
Addresses start with HewlettP, All-HSRP-routers, and Cisco. Also, some
traffic is only spanned in one direction (see attachment).
Cheers,
Andrej
Attachment:
macs.jpg
Description: JPEG image
