When I snoop the sniffing interface on one of my sensors, I see the following:
? -> * ETHER Type=8100 (Unknown), size = 130 bytes
? -> * ETHER Type=8100 (Unknown), size = 326 bytes
? -> * ETHER Type=8100 (Unknown), size = 130 bytes
? -> * ETHER Type=8100 (Unknown), size = 70 bytes
? -> * ETHER Type=8100 (Unknown), size = 406 bytes
? -> * ETHER Type=8100 (Unknown), size = 70 bytes
? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
? -> * ETHER Type=8100 (Unknown), size = 326 bytes
? -> * ETHER Type=8100 (Unknown), size = 70 bytes
? -> * ETHER Type=8100 (Unknown), size = 130 bytes
? -> * ETHER Type=8100 (Unknown), size = 130 bytes
? -> * ETHER Type=8100 (Unknown), size = 406 bytes
? -> * ETHER Type=8100 (Unknown), size = 70 bytes
? -> * ETHER Type=9000 (Loopback), size = 60 bytes
The sensor appears to be functioning correctly and has set off some alarms. I am just curious why the traffic looks like that. Is this a problem with the way the port is configured? Is the sensor able to understand this traffic?
By the way, this is a 4235 running 3.1(3)S42.
Thanks in advance.