network traffic visible to all ports

Posted on 2009-02-24
Last Modified: 2012-05-06
I recently started running tcpdump on our network and noticed I am seeing traffic destined for other ports on the switch. Our setup consists of HP procurve 4206 and sonicwall FW/GW.  The subnet is 10.130.102/24 on the switch--I have one machine plugged into the new switch and i have port 1 tagged to another HP switch which is tagged also on the other end. The traffic flows correctly through the network and do not have any issues seeing other machines or getting out of the network. i have a workstation on a different subnet accessing the HP switch management console and can see their traffic via the only workstation plugged into the Procurve 4206. This does not seem right? i was under the impression that I could only see packets destined for my workstation.
Question by:bradleydsmith
    LVL 7

    Accepted Solution

    For better clarity, take a look at the Destination MAC addresses of these suspect packets and see if you're getting any that:

    1)  Does not match the workstation's interface MAC you are using to sniff, and
    2)  Does not equal FF:FF:FF:FF:FF:FF.

    If you are seeing traffic for everyone, also see if you have the switch/specific port set into diagnostic/promiscuous mode.

    Author Comment

    ok will give it a try. i did look at the mac age setting on the switch and it was set to five minutes. the sonic wall gateway is set to 20 minutes, wonder if the issue resides there in the fdb aging. Also i noticed stopping STP on the procurve stops unicat flodding(if that is what my problem is)
    Thanks again.

    Author Comment

    turned out that the switch was bad and broadcasting to everyone, thanks for your help.

    Author Comment

    I gave you 100 points for trying to help.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are and 192…
    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now