Whenever the switch receives a packet for which it doesn't find the destination MAC 
address in its "forwarding database", it sends that packet to all ports in that VLAN. 
These are known as "unknown unicast" messages. You probably are seeing those packets.

One way to block this is to have the ports configured to block these packets by using 
"port block unicast"; however, I don't think this would work out well in most scenarios.

I would suggest moving all your "Secure Machines" into a different VLAN and then using a 
router (or RSM) to route between VLANs.

Regards \\ Naman


> -----Original Message-----
> From: netsec novice [mailto:netsec9@;hotmail.com] 
> Sent: Tuesday, November 05, 2002 8:14 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Network Configuration Question?
> 
> 
> I recently saw similar behaviour running tcpdump on my workstation that is
> attached to a Cisco catalyst switch.  I would be interested to find any
> answers myself.
> 
> >From: "Ian Lyte" <[EMAIL PROTECTED]>
> >To: <[EMAIL PROTECTED]>
> >Subject: Network Configuration Question?
> >Date: Mon, 4 Nov 2002 16:58:37 -0000
> >
> >Hi All,
> >
> >     On a corporate machine, I was having trouble removing the TinyBar
> >scrote-ware that had installed itself surreptitiously onto my machine.
> >As part of the process of tracking down how it was running, I
> >downloaded a small packet sniffer and ran it so I could attempt to
> >trace the outgoing target address of the pop-up window.
> >
> >     We are on a 100mbs switched network (I believe switched but ..).
> >
> >     Now imagine my surprise when I could pick up traffic from around 6
> >other machines, including HTTP, POP, SMTP and all the associated passwords.
> >
> >     Some of the machines were geographically close to me in the office
> >but not all. How could this happen on a switched network - has one of
> >the switches fallen over into broadcast mode or something? If so how do
> >I go about determining (remotely) why/how it has fallen over, who else
> >is on the segment, and what other avenues do I have to explore?
> >
> >     Thanks in advance
> >
> >Ian
> 
> 
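Added example, not part of the original messages: a way to tell how much of what a sniffer shows is unicast addressed to other hosts (the frames a switch only delivers to your port when it floods them) as opposed to ordinary broadcast, multicast and your own traffic. The function names, the MAC addresses and the sample frames are constructed for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def classify(frame: bytes, own_mac: bytes) -> str:
    """Classify a raw Ethernet frame by its destination/source MAC."""
    if len(frame) < 14:                 # shorter than dst + src + EtherType
        return "runt"
    dst, src = frame[0:6], frame[6:12]
    if src == own_mac:                  # our own outbound traffic
        return "from-me"
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                   # I/G bit set: multicast group address
        return "multicast"
    if dst == own_mac:
        return "to-me"
    # Unicast for another host: a switch delivers this here only by flooding
    # (destination not in its forwarding database), mirroring, or a hub.
    return "foreign-unicast"

def summarize(frames, own_mac):
    """Return (count per class, count per foreign unicast destination)."""
    kinds, foreign = Counter(), Counter()
    for f in frames:
        kind = classify(f, own_mac)
        kinds[kind] += 1
        if kind == "foreign-unicast":
            foreign[fmt_mac(f[0:6])] += 1
    return kinds, foreign

def eth(dst: bytes, src: bytes, ethertype: int = 0x0800) -> bytes:
    """Build a constructed sample frame with a zero-filled 46-byte payload."""
    return dst + src + ethertype.to_bytes(2, "big") + bytes(46)

# Constructed sample data: locally administered MACs, not from a real capture.
OWN, A, B, C, D = (bytes.fromhex(f"0200000000{i:02x}") for i in range(1, 6))
SAMPLE = [
    eth(BROADCAST, A, 0x0806), eth(OWN, A), eth(B, OWN),
    eth(B, C), eth(B, C), eth(B, C), eth(D, C),
    eth(bytes.fromhex("01005e0000fb"), A), bytes(10),
]

if __name__ == "__main__":
    kinds, foreign = summarize(SAMPLE, OWN)
    print(dict(kinds))
    for dst, n in foreign.most_common():
        print(f"{n:4d} foreign unicast frames for {dst}")
```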
