Hey guys! I'm no expert in Wireshark or 802.11. But we have here a situation. Our Core (Catalyst 4507) is having high cpu all day. Cisco TAC says that some traffic with mac address 00:00:00:00:00:00 is hitting it's CPU pretty hard (80-95%) and that traffic is coming from the port where the wireless controller (Cisco WLC 5508) is connected. I sniffed the core interface where this WLC is connected during 10 minutes. I got 321213 packets and 53% of those packets are those with mac-address 00:00:00:00:00:00. Digged a little deep and found that they were something called Probe Request. I uploaded a sample capture of those probe requests do CloudShark My questions are: 1- Is this probe request normal? 2- Is this supposed to make the CPU go that high? Thanks! asked 03 Oct '14, 07:12  rafaelbn |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
