Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only

[Roland Dobbins <rdobbins () cisco com>]

On Apr 9, 2006, at 9:29 PM, Valdis.Kletnieks () vt edu wrote:

> The usual cause for this is a busticated NIC - in years gone by,  
> similar
> things were caused by "jabbering" transceivers that would start  
> transmitting
> their packet sooner than the spec allowed, resulting in the first  
> few bytes
> being dropped, or noise bytes being added...
>
> There's an outside chance that there's a packet-crafting program  
> with an
> off-by-one error, but I've seen this caused more often by broken  
> hardware.


Good point - this is where an analysis of the traffic would be  
helpful, to see if there appear to be 'conversations' taking place or  
if it's just random garbage (I suspect the latter as you indicate,  
but that's purely speculative without data).

----------------------------------------------------------------------
Roland Dobbins <rdobbins () cisco com> // 408.527.6376 voice

     Everything has been said.  But nobody listens.

                   -- Roger Shattuck