4

I was just doing tcpdump on a linux server connected directly to a provider, and about every second and a half there is a line like this:

00:19:49.926700 00:15:c6:::** (oui Unknown) > 01:00:0c:cc:cc:cd (oui Unknown) SNAP Unnumbered, ui, Flags [Command], length 50 (second half of the MAC starred when posting)

What can this be? Would this in any way be disruptive to the network (which is being used for VOIP) or indicative of another problem?

Nakilon
  • 128
  • 1
  • 1
  • 8
yayim
  • 75
  • 1
  • 1
  • 7

1 Answers1

5

It looks like it is your Cisco switches running the Spanning Tree Protocol. (I did a look up 00:15:c6 is a Cisco MAC and 01:00:0c:cc:cc:cd is the multicast MAC address Cisco Shared Spanning Tree Protocol).

If you don't have any loops in your switch topology you could turn it off, but I doubt it will impact performance.

shf301
  • 241
  • 1
  • 4
  • This is a direct line that is coming from an outside provider, would it make sense that it's coming from them? – yayim Oct 23 '09 at 05:27
  • If they're using a hybrid switch/router (like the Cisco 6509) for the physical connection, maybe. Similarly if they're using dot1q sub-interfaces on a router, then using distribution switches. Though it's good practise to switch off protools that aren't needed (liek CDP or STP) on those interfaces. – Vatine Oct 23 '09 at 09:28