From: Jon Hart (jhart@spoofed.org)
Date: Mon Oct 16 2006 - 17:53:38 EDT
On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:
> I can think if a couple of possibilities. 1) This is
> broadcast/multicast traffic. 2) The mac addresses are unknown to the
> switch (So it will flood to find them.) 3) The port could be a trunk or
> a mirror of a trunk.
I am also seeing normal broadcast/multicast traffic, but that is to be
expected. #3 is not the case here.
As for #2, thats kinda where I was going with my original question --
why would a switch that is processing a session between two endpoints
suddently forget the MAC? Yes, there are timeouts in play here, but
aren't those along the lines of several minutes?
Thanks,
-jon
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT