Hi, An Ethernet switch tries to make an educated _guess_ where to send the frames it receives. It wants to be smarter then a hub, which sends it out of all its ports. How does a switch know where to send the frame then. It does so based on the destination MAC address. (VLAN's are left beyond this discussion). So it needs to know which port connects to which MAC address. You said yourself the relevant host was offline, so the switch didn't know (any more) where this MAC address was. In order to keep the network going it sends it through all ports, in the hope it learns the port related to the MAC address when the host resonds. Since it doesn't it won't learn, so you keep seeing the frames on all ports.
Thanx, Jaap On Thu, 14 Dec 2006, Conrad Bialobzyski wrote: > > When running Wireshark, I see non-broadcast traffic that is not destined > to, or originating from, the capturing workstation. > > I know the traffic is a workstation attempting to get an update from a > McAfee EPO server was offline at the time. The packets are very small. > There also are other similar sized conversations between workstations > and printers. > > Frame 309 (62 bytes on wire, 62 bytes captured) > Ethernet II, Src: Cisco_.... , Dst: HewlettP_.... > Internet Protocol, Src: xxxx Dst: xxxx > Transmission Control Protocol, Src Port: 2408 (2408), Dst Port: 9112 > (9112), Seq: 0, Len: 0 > > We are in a switched environment. I have been questioned why I can see > non broadcast conversations that do not involve my workstation. My > opinion is that these are runt packets that are irrelevant. Is it normal > to see this traffic? Would this be a reasonable answer? > > Thanks in advance for your assistance. > > > > Conrad Bialobzyski > > [EMAIL PROTECTED] > > > > _______________________________________________ > Wireshark-users mailing list > [email protected] > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ Wireshark-users mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-users
