1 | initial version |
I think this is operator error (aka SMH as I feared). Reviewing the captured trace file again I see the traffic from hosts other than the Windows 10 system are either broadcasts or connections from the system itself. The multiple IPv6 addresses I saw come from the collection Windows has established for the same system. I will try the port mirroring on the TP-Link switch when I'm next on site in the next couple of months. Thank you for all the very helpful pointers.