Would really appreciate some help with the following issue. Computers with the rogue sensor installed are constantly attempting TCP connections an a very large number of ports to all hosts on its broadcast domain. These connection attempts look like a port scan to my security devices and, needless to say, they don't like that.
My understanding is that the rogue sensor is strictly passive and it only "listens" for traffic. That is certainly not the case in my environment. As soon as the sensor is removed from a host, it stops attempting those TCP connections.