This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Unrelated port traffic in switched environment

0

Hi all,

maybe it is a very simple question, but i am new to network monitoring and i am courious.

We use Dell PowerConnect 28xx series of managed switches. I did monitor the communication of printer that makes some trouble when it comes to sending mails. I use an old hub instead of port mirroring, because I'm more flexible with it. Cables are plugged in the hub as follows.

Hub <- (printer, local network (switched), monitoring laptop)

Question:

Is it normal for a switched environment, that I can see traffic completly unrelated to the printer on my monitored Port? I don't mean broadcast or multicast traffic, but traffic like packets from our gateway to our webserver and stuff like that. There are many TCP packets from a bunch of hosts, wich all are communicating with other hosts, but not the monitored printer. Can this somehow be explained?

Maybe VLAN related? There is one VLAN configured on the switch, but only for the uplink ports. And I don't see the traffic for that VLAN on my monitored Port...

Any comments or hints are appreciated.

asked 30 Dec '16, 01:19

delis's gravatar image

delis
6112
accept rate: 0%


One Answer:

1

Those are most likely just flooded packets where the switch had to learn the MAC address first. Check this blog post for some more details:

https://blog.packet-foo.com/2016/10/the-network-capture-playbook-part-1-ethernet-basics/

answered 30 Dec '16, 04:16

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%