Alex, Thanks for the info. I'll have to check out the book you mention. Any other good sources you could recommend?
From: Alex Lindberg <alindber@xxxxxxxxx>
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Sent: Tuesday, April 21, 2009 8:40:56 PM
Subject: Re: [Wireshark-users] Cisco traffic
What you are seeing is completely correct. By default Spanning Tree (STP) sends mac level multicast packets every two seconds. All ports that have Spanning Tree, or one of the many STP flavors enabled, will have something like this.
One of the foundation texts for network analysis is "Interconnections.." by Radia Perlman. She wrote version one while working for DEC back in the day. IMHO, everyone who looks a packets should have
this text in their library. (I don't intend to start a flame war about what is "best", this is just my opinion from an old guy who remembers vampire taps, etc...)
Alex Lindberg
--- On Tue, 4/21/09, C
H <sea.kayaker@xxxxxxxxx> wrote:
From: C H <sea.kayaker@xxxxxxxxx>
Subject: [Wireshark-users] Cisco traffic
To: "wireshark" <wireshark-users@xxxxxxxxxxxxx>
Date: Tuesday, April 21, 2009, 1:30 PM
I'm trying to troubleshoot some network traffic issues and found a packet with a delta time that's a bit long. It's generated by a cisco device (probably the switch, since it shows a Spanning Tree Protocol), but not sure why the delta time is a bit long. Any thoughts?
Delta time: 1.98... seconds
Source: Cisco_93:18:8b
Destination: PVST+
Protocol: STP
Info Conf. Root = 8193/00:1b:8f:8f:5a:00 Cost=4
Port=0x800b
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe |
