I am doing research to see if an application on a computer that is connected to the network port of an IP phone (7940/60/70/etc) can "see"
the attached phone. I am doing this by using a packet sniffer to look for skinny heartbeats between the phone and CallManagers in a cluster. I am seeing the skinny heartbeats for my attached phone, but I am also seeing heartbeats and acks between other phones and other CallManager clusters. These are TCP packets with IPs and MACs that do not match my phone or PC. I don't understand why I am even able to see these packets. My phone (and the others that I see heartbeats from) are all attached to a 3548 switch which is connected to a core Catalyst 6000 switch.
Does anyone know what could be causing my sniffing application (Ethereal) on my PC to be able to see TCP traffic that is not even directed to my phone or PC? (There are no SPAN sessions on the switch. There is no hub between my PC, the phone, and the switch. This is recreatable and persistent.) I can provide additional information if needed.