This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Other LAN IP addresses captured. Why?

0

I conducted a capture from a workstation to troubleshoot an application. I built a filter to drop all traffic from the workstation and only show me TCP traffic. What I am seeing is that the switch is forwarding TCP packets from the WAN to the workstation. I reviewed the configuration for the switchport and it is NOT trunked but rather configured for switchport mode access. I am at a loss as to why I am seeing this occurring on a switch that is doing layer 2 switching.

Any ideas?

asked 24 Dec '13, 06:07

EdJ
166610
accept rate: 0%

I built a filter to drop all traffic from the workstation and only show me TCP traffic.

What is the filter you were using?

(27 Dec '13, 04:08) Kurt Knochner ♦

One Answer:

0

Is it broadcast traffic from the switch that you're seeing hitting the workstation? Most likely, the WAN is passing packets to the switch, the switch is not finding the destination for those packets in its tables, and it is sending the traffic out all interfaces. I believe that would be the expected behavior for the scenario that you're describing.

answered 26 Dec '13, 21:27

Frobbotzim
7115
accept rate: 33%
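
The flooding behaviour described in the answer above, as an added example that is not part of the original thread: a toy single-VLAN learning switch showing why an access port can receive unicast frames addressed to another host once that host's MAC table entry is missing or has aged out. The port numbers, MAC addresses and the 300-second aging time are constructed assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy single-VLAN layer-2 switch: learns source MACs, floods unknown destinations."""

    def __init__(self, ports, aging=300):
        self.ports = set(ports)
        self.aging = aging   # seconds an idle entry survives (assumed value)
        self.table = {}      # MAC -> (port, time last seen as a source)

    def receive(self, now, in_port, src, dst):
        """Handle one frame; return (decision, set of egress ports)."""
        self.table[src] = (in_port, now)  # learn or refresh the sender
        # Drop entries that have not been seen as a source within the aging time.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.aging}
        others = self.ports - {in_port}
        if dst == BROADCAST:
            return "broadcast", others
        if int(dst[:2], 16) & 1:  # group bit set in the first octet
            return "multicast", others
        if dst not in self.table:
            return "unknown-unicast-flood", others
        return "forward", {self.table[dst][0]} - {in_port}

# Constructed topology: port 1 = WAN router, port 2 = server, port 3 = capturing workstation.
ROUTER, SERVER = "02:00:00:00:00:01", "02:00:00:00:00:02"

def demo():
    sw = LearningSwitch(ports=[1, 2, 3])
    frames = [  # (time, ingress port, source MAC, destination MAC)
        (0,   2, SERVER, ROUTER),  # router not learned yet: flooded
        (1,   1, ROUTER, SERVER),  # server known: port 2 only
        (400, 1, ROUTER, SERVER),  # server silent past aging: flooded, port 3 sees it
        (401, 2, SERVER, ROUTER),  # server speaks again and is relearned
        (402, 1, ROUTER, SERVER),  # back to port 2 only
    ]
    return [(t,) + sw.receive(t, port, src, dst) for t, port, src, dst in frames]

if __name__ == "__main__":
    for t, decision, egress in demo():
        seen = "workstation sees it" if 3 in egress else "workstation does not see it"
        print(f"t={t:>3}s {decision:<22} egress={sorted(egress)} ({seen})")
```

In a real capture the same distinction shows up in the Ethernet destination address: flooded unknown unicast carries another host's unicast MAC, while true broadcast carries ff:ff:ff:ff:ff:ff.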