Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1257
Views
0
Helpful
0
Replies

tcpdump on a 3750 port shows foreign tcp flows

davidharan1
Level 1
Level 1

‎05-22-2009 05:53 AM - edited ‎03-06-2019 05:52 AM

hi,

on basically every 3750 stack in our network, if i tcpdump on any port, i will generally see tcp flows where neither the source nor destination is related to the machine upon which i'm tcpdump'ing.

we generally use stacks of WS-C3750G-48TS, WS-C3750G-48PS... running Advanced IP services, 12.2(37)SE. but i have the feeling i've seen this behaviour on other IOSs as well.

bizarrely i generally see only 1 foreign flow at a time... i.e. it's not like all traffic is instantly broadcast on all ports. i've also checked particular flows and found that there is active entries in the arp and mac tables, indicating that the switch knows exactly where the flow is supposed to go... but is somehow copying the flow to all other ports just for fun.

this behviour has occurred on systems without span config.

anyone have any ideas? has anyone seen anything similar?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents