lane223

spurious traffic on switch port (not to the server's IP)
I'm monitoring a switch port with a span session (only one session in the switch) because of a VoIP system issue we are having. Basically there is a loss of connectivity between servers and the PBX:

csta-atl-1.0\csta-atl-1.0.exe.7940(SMAlarm_LinkLost): Error[456] -> Telephony gateway acs_lindorff lost CTI link (Primary).

I see no physical disconnect on the port at the time of the incident. I also got a monitor ping going to that PBX server every 30 sec.... don't see any problem there either. I am running dumpcap.exe on a separate server collecting packets continuously. The IP of the server that I am monitoring is 10.10.207.31. The only thing strange that I've found is traffic between two different IPs on that port right about the same time as the above error message (and this ain't no hub!):

5101681      2323.813316000      10.10.207.33      10.10.207.42      TCP      60      [TCP Keep-Alive] microsoft-ds > capioverlan [ACK] Seq=1 Ack=1 Win=64691 Len=1

5100574      2321.829030000      10.10.207.33      10.10.207.42      TCP      60      [TCP Keep-Alive] microsoft-ds > capioverlan [ACK] Seq=1 Ack=1 Win=64691 Len=1

5090267      2304.316582000      10.10.207.33      10.10.206.46      TCP      96      27911 > ff-sm [PSH, ACK] Seq=1 Ack=1 Win=64877 Len=42
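
An added example, not part of the original post: a Python sketch that reads exported packet summary lines in the column order shown above and lists unicast flows where neither endpoint is the monitored server, with packet count and first/last timestamps to line up against the alarm time. The function names and the fourth sample line are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Server attached to the mirrored port, as stated in the post.
MONITORED = ipaddress.ip_address("10.10.207.31")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Columns: frame, relative time, src, dst, proto, length, info.
# The first three lines are from the post; the last one is constructed for contrast.
SAMPLE = """\
5101681 2323.813316000 10.10.207.33 10.10.207.42 TCP 60 [TCP Keep-Alive] microsoft-ds > capioverlan [ACK] Seq=1 Ack=1 Win=64691 Len=1
5100574 2321.829030000 10.10.207.33 10.10.207.42 TCP 60 [TCP Keep-Alive] microsoft-ds > capioverlan [ACK] Seq=1 Ack=1 Win=64691 Len=1
5090267 2304.316582000 10.10.207.33 10.10.206.46 TCP 96 27911 > ff-sm [PSH, ACK] Seq=1 Ack=1 Win=64877 Len=42
5090300 2304.400000000 10.10.207.33 10.10.207.31 TCP 60 constructed line: traffic that belongs on this port
"""

def parse(line):
    """Split one summary line into fields; return None for anything malformed."""
    parts = line.split(None, 6)
    if len(parts) < 6:
        return None
    try:
        return {
            "frame": int(parts[0]),
            "time": float(parts[1]),
            "src": ipaddress.ip_address(parts[2]),
            "dst": ipaddress.ip_address(parts[3]),
            "proto": parts[4],
            "length": int(parts[5]),
            "info": parts[6] if len(parts) > 6 else "",
        }
    except ValueError:
        return None  # non-IP rows (e.g. ARP with MAC columns) are skipped

def foreign_flows(text, monitored=MONITORED):
    """Map (src, dst) -> (count, first_time, last_time) for unicast packets
    seen on the mirrored port that do not involve the monitored host."""
    seen = defaultdict(list)
    for line in text.splitlines():
        pkt = parse(line)
        if pkt is None or monitored in (pkt["src"], pkt["dst"]):
            continue
        # Multicast and limited broadcast are expected on every port. Subnet
        # broadcasts are not recognised here because the mask is unknown.
        if pkt["dst"].is_multicast or pkt["dst"] == LIMITED_BROADCAST:
            continue
        seen[(str(pkt["src"]), str(pkt["dst"]))].append(pkt["time"])
    return {k: (len(t), min(t), max(t)) for k, t in seen.items()}

if __name__ == "__main__":
    for (src, dst), (n, first, last) in sorted(foreign_flows(SAMPLE).items()):
        print(f"{src} -> {dst}: {n} pkt(s), {first:.3f}s to {last:.3f}s")
```
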

Sandeep Gupta

You can create an ACL for all known IPs and deny the rest (unknown IPs), and apply that ACL at the switch port.

lane223

ASKER

Those IPs do need to connect to the PBX. 10.10.207.33 is the VoIP application server and the other IPs are workstations. What I can't get my head around is why traffic between two different IPs shows on that port.

Traffic from those IPs to 10.10.207.31 is OK, but not between other IPs.

There must be some misconfiguration. Can you please post a diagram and the configs you have done for the setup, and identify your problem in the picture as well?

ASKER CERTIFIED SOLUTION
lane223

ASKER


good..
Switches / Hubs
A switch is a device that filters and forwards packets of data between LAN segments. Switches operate at the data link layer or the network layer of the Open Systems Interconnection (OSI) Reference Model and therefore support any packet protocol. LANs that use switches to join segments are called switched LANs or, in the case of Ethernet networks, switched Ethernet LANs. A hub is a connection point for devices in a network. Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports; when a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.