sam sneed wrote:
> 
> My guess is that your sniffer sees them as 60 bytes, since most sniffers
> don't count the CRC which is 4 bytes.

That's a good point. The NIC strips the CRC. Some analyzers do let you
configure the NIC to capture the CRC. Usually this isn't necessary unless
you happen to be the programmer who has the job of developing and
troubleshooting the CRC calculation. The analyzer can still tell you a CRC
error count, of course, even if it doesn't capture the actual 4 bytes of the
CRC itself, as you know, I'm sure.

> Most of these are
> ARP packets.

And BPDU, Ethernet keepalives, TCP ACKs, CDP in some cases, IGMP sometimes,
some SNMP queries. There may be more. My network has a ton of AARPs for
example.

Priscilla


> 
> "Alejandro Acosta Alamo" wrote in message news:[EMAIL PROTECTED]...
> > Hello again,
> >   Priscilla, you have said that an Ethernet frame must be at least 64 bytes,
> > right? I have just placed a sniffer on my LAN and I found over 3000 out of
> > 15.000 packets. Does this mean that 20% of those packets are illegal?
> >
> > Thanks
> >
> > Alejandro Acosta
> >
> > ----- Original Message -----
> > From: "Priscilla Oppenheimer"
> > To:
> > Sent: Monday, July 08, 2002 1:08 PM
> > Subject: RE: Cut-through vs Store & Forward [7:48316]
> >
> >
> > > Alejandro Acosta Alamo wrote:
> > > >
> > > > Hello,
> > > >   I understand the differences between Cut-through and Store &
> > > > Forward. My question is: How do you decide which method to use? In
> > > > which situation have you changed the switching method?
> > > >
> > > > Thanks
> > > >
> > > > Alejandro Acosta
> > > >
> > > >
> > > A lot of switches support only one method, so you don't have a choice. If
> > > you do have a choice, the decision is based on the number of errors on your
> > > network. Cut-through doesn't do any error checking and in fact forwards
> > > frames that have a bad CRC or are too short. Ethernet says that frames must
> > > be at least 64 bytes. Anything less is considered a fragment and is illegal.
> > > Cut-through forwards fragments that have an entire destination address that
> > > can be looked up to get a port number.
> > >
> > > If your switch connects many shared networks, then CRC errors and fragments
> > > due to collisions are normal. But why waste bandwidth forwarding these to
> > > other ports on the LAN? In this case, you might want to go with
> > > store-and-forward which does not forward errored frames or fragments.
> > >
> > > If your switch connects single devices all using full-duplex, then it's
> > > unlikely that you are experiencing many CRC or fragments. So, cut-through
> > > makes the most sense.
> > >
> > >
> > > Priscilla Oppenheimer
> > > http://www.priscilla.com
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48566&t=48316
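
Added example, not part of the original thread: a Python sketch of the 60-versus-64-byte accounting discussed above. It builds a minimum-size ARP request, appends the 4-byte CRC the NIC normally strips, and classifies a captured length according to whether the capture includes the CRC. The MAC and IP values and all function names are constructed for illustration.

```python
import struct
import zlib

MIN_FRAME_WITH_FCS = 64   # Ethernet minimum, destination address through CRC
FCS_LEN = 4               # the CRC-32 frame check sequence
MIN_FRAME_NO_FCS = MIN_FRAME_WITH_FCS - FCS_LEN  # 60, what most sniffers show

def build_arp_request(src_mac, src_ip, target_ip):
    """Constructed broadcast ARP request, padded to 60 bytes (no CRC)."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x06"          # dst, src, EtherType ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet/IPv4, request
           + src_mac + src_ip + b"\x00" * 6 + target_ip)
    return (eth + arp).ljust(MIN_FRAME_NO_FCS, b"\x00")  # 42 bytes plus padding

def append_fcs(frame):
    """Append the CRC-32, least significant byte first, as sent on the wire."""
    return frame + struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)

def fcs_ok(frame_with_fcs):
    """Recompute the CRC over the frame body and compare with the trailer."""
    body, fcs = frame_with_fcs[:-FCS_LEN], frame_with_fcs[-FCS_LEN:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == fcs

def classify(captured_len, capture_includes_fcs=False):
    """Map a captured length to its on-wire size before judging it."""
    on_wire = captured_len if capture_includes_fcs else captured_len + FCS_LEN
    if on_wire < MIN_FRAME_WITH_FCS:
        return "fragment"
    return "minimum-size" if on_wire == MIN_FRAME_WITH_FCS else "normal"

if __name__ == "__main__":
    # Constructed sample addresses.
    frame = build_arp_request(b"\x02\x00\x00\x00\x00\x01",
                              bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    wire = append_fcs(frame)
    print(len(frame), classify(len(frame)))            # as most sniffers see it
    print(len(wire), classify(len(wire), True), fcs_ok(wire))
```
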