13 years ago
I did a WireShark packet trace this evening on the network. I was
surprised to see quite a few packets that weren't meant for me.
Naturally I saw packets from my PC to the network, some replies, and
broadcasts such as ARPs and Windows name registrations. However, I
also recieved packets addressed to other host's IP addresses and MAC
addresses. (I am, of course, the only PC connected to that particular
switch port - I'm not hanging off a hub that's connected to the switch
My understanding of networking is that as soon as I send an Ethernet
packet, the switch 'knows' my MAC address is on 'my' Ethernet port.
When forwarding packets, it won't bother sending me packets that
aren't destined for my MAC address.
I think this is a symptom of networking problems; we have a *huge*
broadcast domain of thousands of Ethernet outlets spread across many
buildings, and quite a few secondary VLANs that don't have anywhere
near as many outlets, but still distributed across the many buildings.
The network is mainly made up of HP ProCurve 26xx switches.
My assessment is that we probably have more MAC addresses across all
the VLANs that the HP ProCurve fabric is capable of handling, and so
old learned addresses are being dropped as new ones are learned so the
fabric is flooding packets. It's by no means all packets, but, say
5-10 per second.
What do you think? Do we need to think about segmenting into separate
Ethernet domains separated by L3 switches?