Ethereal: [Ethereal-users] Newbie Question - Why can I see traffic between two hosts on a switched network?

Ethereal-users: October 2005

Subject: [Ethereal-users] Newbie Question - Why can I see traffic between two hosts on a switched network?
From: "Ben Langridge" <bl243@xxxxxxxxxxxxxxx>
Date: Wed, 12 Oct 2005 10:30:36 +0100

Hi,

Running Ethereal on my switched (Cisco) network, I occasionally see TCP packets
that have a source and destination address neither of which are my own machine
or broadcast addresses.  Surely without some ARP poisoning/flooding, I shouldn't
be able to see these on a switched network?

Anyone have any experience with this?

Here's an example packet:

No.     Time        Source                Destination           Protocol Info
   1035 44.576320   10.5.14.18            10.5.6.52             TCP      721 >
printer [SYN] Seq=0 Ack=0 Win=65535 Len=0 MSS=1460

Frame 1035 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: 10.5.14.18 (00:06:5b:3d:37:05), Dst: LexmarkI_48:81:38
(00:04:00:48:81:38)
Internet Protocol, Src: 10.5.14.18 (10.0.14.18), Dst: 10.5.6.52 (10.0.6.52)
Transmission Control Protocol, Src Port: 721 (721), Dst Port: printer (515),
Seq: 0, Ack: 0, Len: 0

I sometimes see HTTP packets not addressed to/from me also.

Cheers
Ben

-----------------------
Ben Langridge

Network Officer
MISD Network Support
University of Cambridge
01223 (3) 32997
-----------------------

Prev by Date: RE: [Ethereal-users] Is ethereal the right software for me?
Next by Date: Re: [Ethereal-users] [Announce] SS7 monitoring hardware now available for Ethereal
Previous by thread: Re: [Ethereal-users] protocol hierarchy view, crashes for VLAN packets
Next by thread: Re: [Ethereal-users] Newbie Question - Why can I see traffic between two hosts on a switched network?
Index(es):
- Date
- Thread