I got a call from our Systems and Security guys today to talk about a Wireshark capture they had done from a user VLAN. They had noticed two frames that were destined for some seemingly random host in the same network as they were in, but the source and destination IP addresses reported by Wireshark made no sense. The frames were from a web server to an IP address on our wireless network. The web server is on the other side of the firewall, and the wireless network is on the other side of the controller; there was no reason at all that a packet with that source and destination would show up here.
Be sure to check out PacketLife.net if you want to do some labbing with Cisco gear.