[c-nsp] Sniffing unicasts in a switched network?

Kevin Graham kgraham at industrial-marshmallow.com
Mon Sep 10 13:17:48 EDT 2007

> Now, when promiscuously sniffing one of
> the access-ports (no mirroring enabled,
> broad- and multicasts filtered out)
> every now and then I'm seeing TCP/UDP
> unicasts from random machines of either
> VLAN. 

Most likely, the destinations aren't speaking frequently enough to keep their addresses populated in the FDB and are subsequently getting flooded; see http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml for a discussion on different causes.

> Isn't switching about dedicated channels
> across the switchmatrix, forming full-
> duplex paths for every frame from one
> port to the other

Not as long as we're stuck in a .1d bridge world.
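
The flooding behaviour described in the reply above, as an added example that is not part of the original post: a minimal model of an 802.1D-style learning bridge whose forwarding database (FDB) ages out a host that only receives. The port numbers, MAC labels and the 300-second aging time are assumptions made for the illustration.

```python
# Added illustration: minimal learning bridge with FDB aging (single VLAN).
# Port numbers, MAC labels and AGING_SECONDS are constructed for the example.
AGING_SECONDS = 300


class LearningBridge:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = set(ports)
        self.aging = aging
        self.fdb = {}  # MAC -> (port, time last seen as a source)

    def forward(self, now, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        # Learn (or refresh) the source address on the ingress port.
        self.fdb[src] = (in_port, now)
        # Age out entries whose owner has not sent a frame recently.
        self.fdb = {m: (p, t) for m, (p, t) in self.fdb.items()
                    if now - t <= self.aging}
        entry = self.fdb.get(dst)
        if entry is None:
            # Unknown unicast: flood to every port except the ingress port.
            return self.ports - {in_port}
        out_port = entry[0]
        return set() if out_port == in_port else {out_port}


def run_scenario():
    """Constructed traffic: host B answers once, then only receives."""
    br = LearningBridge(ports=[1, 2, 3, 4])
    results = []
    results.append(br.forward(0, 1, "A", "B"))    # B not learned yet -> flood
    results.append(br.forward(1, 2, "B", "A"))    # A learned -> port 1 only
    results.append(br.forward(10, 1, "A", "B"))   # B learned -> port 2 only
    # B stays silent for longer than the aging time while A keeps sending.
    results.append(br.forward(400, 1, "A", "B"))  # B aged out -> flood again
    return results


if __name__ == "__main__":
    for ports in run_scenario():
        print(sorted(ports))
```

In the last step a capture on port 3 or 4 would see A's unicast to B, which matches the sporadic unicasts reported in the quoted question.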

