Let's say that we have three IPs on the same subnet, each IP belongs to one computer, and each IP corresponds to one port on an ethernet switch. Make those ports A B and C on the switch.
Occasionally when I run a sniffer on port C, I'll see traffic that is going from A to B. It is usually UDP traffic, and I'll see the return packets as well. I've examined the Mac addresses, and it's clear that the source and destination Mac and IP do not belong to the computer that is sniffing the network on C. There is nothing configured in the switch to allow that traffic to be seen on port C.
This is happening maybe for two packets every two hours, and it seems fairly random behavior that targets just a few packets rather than entire TCP conversations. Should I be passing this off as just bad firmware in a low quality ethernet switch (in this case it is a Netgear gigabit switch)? Or is such an event a statistically rare but normal occurrence on many ethernet switches?