[c-nsp] 2970 turns into a hub for a few moments

Jeff Kell jeff-kell at utc.edu
Wed Dec 27 10:27:07 EST 2006


Vincent De Keyzer wrote:
>
> We have placed several laptops in several points of the network, running a
> sensible application plus Ethereal. What we saw was very weird: from time to
> time (and it coincides with the application timeouts), the switches start
> forwarding to the laptop ports traffic that is neither broadcast, nor
> unicast for the laptops. Just like if the switch would become a hub from
> time to time. 
>
> Does anyone have an idea on what could be causing this?

A switch will flood packets when there is no matching MAC address in the
cam (mac-address table) for the destination. 

This can be caused by a number of things, such as something clearing the
cam (CLI, SNMP, or certain conditions that flush the cam as a side
effect) or most likely the cam table is being filled up, either
intentionally by malware (e.g., dsniff) or unintentionally by a bad NIC
or transmission errors generating erroneous source MAC addresses.

Jeff
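
An added example, not part of the original message: a way to pull the flooding episodes out of a capture taken on one of the monitoring laptops, so their timestamps can be lined up with the application timeouts. The laptop MAC address, the frame tuples and the 1-second burst gap are constructed assumptions; in practice the tuples would be exported from the Ethereal capture.

```python
MY_MAC = "00:11:22:33:44:55"  # assumed MAC address of the monitoring laptop

# Constructed sample: (seconds, dst MAC, src MAC) as seen on the laptop's port.
FRAMES = [
    (0.10, "ff:ff:ff:ff:ff:ff", "00:aa:00:00:00:01"),  # broadcast, expected
    (0.20, "00:11:22:33:44:55", "00:aa:00:00:00:02"),  # unicast to the laptop
    (0.30, "01:00:5e:00:00:fb", "00:aa:00:00:00:03"),  # multicast, expected
    (5.00, "00:aa:00:00:00:07", "00:aa:00:00:00:08"),  # unicast for another host
    (5.01, "00:aa:00:00:00:08", "00:aa:00:00:00:07"),  # unicast for another host
    (5.02, "00:aa:00:00:00:09", "00:aa:00:00:00:07"),  # unicast for another host
    (9.00, "00:11:22:33:44:55", "00:aa:00:00:00:02"),  # unicast to the laptop
]


def is_group(mac):
    """True for broadcast/multicast: the I/G bit (LSB of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


def flooded_frames(frames, my_mac):
    """Unicast frames addressed to some other host: the switch flooded them."""
    me = my_mac.lower()
    return [f for f in frames if not is_group(f[1]) and f[1].lower() != me]


def flood_bursts(frames, my_mac, gap=1.0):
    """Group flooded frames into bursts separated by more than `gap` seconds."""
    bursts = []
    for ts, dst, src in sorted(flooded_frames(frames, my_mac)):
        if not bursts or ts - bursts[-1]["end"] > gap:
            bursts.append({"start": ts, "end": ts, "frames": 0,
                           "dsts": set(), "srcs": set()})
        burst = bursts[-1]
        burst["end"] = ts
        burst["frames"] += 1
        burst["dsts"].add(dst)
        burst["srcs"].add(src)
    return bursts


if __name__ == "__main__":
    for b in flood_bursts(FRAMES, MY_MAC):
        print(f"flooding {b['start']:.2f}s-{b['end']:.2f}s: {b['frames']} frames, "
              f"{len(b['dsts'])} foreign destinations, {len(b['srcs'])} sources")
```

Each burst's start time is what to compare against the switch logs and the contents of the mac-address table at that moment.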

