Hi All,
I did a WireShark packet trace this evening on the network. I was surprised to see quite a few packets that weren't meant for me.
Naturally I saw packets from my PC to the network, some replies, and broadcasts such as ARPs and Windows name registrations. However, I also recieved packets addressed to other host's IP addresses and MAC addresses. (I am, of course, the only PC connected to that particular switch port - I'm not hanging off a hub that's connected to the switch port).
My understanding of networking is that as soon as I send an Ethernet packet, the switch 'knows' my MAC address is on 'my' Ethernet port. When forwarding packets, it won't bother sending me packets that aren't destined for my MAC address.
I think this is a symptom of networking problems; we have a *huge* broadcast domain of thousands of Ethernet outlets spread across many buildings, and quite a few secondary VLANs that don't have anywhere near as many outlets, but still distributed across the many buildings.
The network is mainly made up of HP ProCurve 26xx switches.
My assessment is that we probably have more MAC addresses across all the VLANs that the HP ProCurve fabric is capable of handling, and so old learned addresses are being dropped as new ones are learned so the fabric is flooding packets. It's by no means all packets, but, say
5-10 per second.What do you think? Do we need to think about segmenting into separate Ethernet domains separated by L3 switches?
Kind regards,
Anwar