Why am I to listen to all traffic in my network?

Question

I have the following network layout:

Cable Modem (in modem mode) => Asus RT-AC68U => Aruba Instant On 1930 24G switch => NETGEAR 16 Port switch (GS316P). I wanted to do some network traffic capture so I installed Wireshark on my MacBook Pro. I was going to use the Port Mirroring feature of my Aruba switch to "listen" on a device I wanted to see what it was doing. However I noticed that even before I enabled port mirroring on the Aruba switch I could pretty much see all traffic on Wireshark on my MacBook Pro. How is this possible? I thought switches only sent traffic to the ports where the Mac Address is listed. Maybe I have multiple cables going to the Asus or Netgear and the traffic is looping back? If that's the case how do I identify the offending ports?

Thanks!

score 1 · Answer 1 · answered Feb 16 '22 at 23:03

1

In a Switch, if we connect a sniffer to a port, the only thing we will see is the Broadcast Multicast, Unicast, and ARP traffic (Layer 2 OSI Model) in addition to the traffic sent or received by that device where we have our sniffer, but only that traffic, then, when you enable a port mirror, in addition to the traffic that just I commented you, you will see the traffic of the port mirroring.

answered Feb 16 '22 at 23:03

Javier Alfredo Hernandez

47
3

Connect two switches with multiple cables and see what happens! – GreenLantern22 Feb 18 '22 at 00:05

Why am I to listen to all traffic in my network?

1 Answers1