Wireshark-users: [Wireshark-users] Why can I see non-broadcast traffic not involving the caputrin
When running Wireshark, I see non-broadcast traffic that is not destined
to, or originating from, the capturing workstation.
I know the traffic is a workstation attempting to get an update from a
McAfee EPO server was offline at the time. The packets are very small.
There also are other similar sized conversations between workstations
and printers.
Frame 309 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: Cisco_.... , Dst: HewlettP_....
Internet Protocol, Src: xxxx Dst: xxxx
Transmission Control Protocol, Src Port: 2408 (2408), Dst Port: 9112
(9112), Seq: 0, Len: 0
We are in a switched environment. I have been questioned why I can see
non broadcast conversations that do not involve my workstation. My
opinion is that these are runt packets that are irrelevant. Is it normal
to see this traffic? Would this be a reasonable answer?
Thanks in advance for your assistance.
Conrad Bialobzyski
Conrad.Bialobzyski@xxxxxxx