This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey guys!

I'm no expert in Wireshark or 802.11. But we have here a situation. Our Core (Catalyst 4507) is having high cpu all day. Cisco TAC says that some traffic with mac address 00:00:00:00:00:00 is hitting it's CPU pretty hard (80-95%) and that traffic is coming from the port where the wireless controller (Cisco WLC 5508) is connected.

I sniffed the core interface where this WLC is connected during 10 minutes. I got 321213 packets and 53% of those packets are those with mac-address 00:00:00:00:00:00. Digged a little deep and found that they were something called Probe Request.

I uploaded a sample capture of those probe requests do CloudShark

My questions are: 1- Is this probe request normal? 2- Is this supposed to make the CPU go that high?

Thanks!

asked 03 Oct '14, 07:12

rafaelbn's gravatar image

rafaelbn
11335
accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×114
×8
×5

question asked: 03 Oct '14, 07:12

question was seen: 1,117 times

last updated: 03 Oct '14, 07:12

p​o​w​e​r​e​d by O​S​Q​A