Forum Thread: Networking 101-Part2

Earlier we've seen that how the HUBs can't understand any incoming frames, and flush the traffic out of all of it's ports except the port in which it received the frame. Now, this can be considered as a vulnerability in a company, if any of it's employee were to spy on each other or cause any DDOS attack. Now HUB comes under the Layer2 devices of the OSI model, thus works only with the FRAMEs, rather than the PACKETs.

2. Switches

Intro- Switches resides in the Layer2 and Layer3 in the OSI model. Today we 'll be focusing on the Layer2 switches, and how they can replace HUBs.

So the configuration that i selected with the switch is:

Star topology, with the 3 PCs each assigned a Unique IP addresses: PC1 having 10.1.1.1/24 PC2 having 10.1.1.2/24 and PC3 having 10.1.1.3/24. So i'm gonna let PC1 and PC2 communicate with each other while sniffing the traffic through PC3 i.e Can PC3 hear the conversations going b/w PC1 and PC2? Let's analyze..

>Pinging PC2 from PC1:

Ping succeeds, So now let's Analyze the capture:

  1. Capture from PC1:

ARP message was sent first because PC1 needs to know the MAC address of the destination network node and it can learn using the Address Resolution Protocol. Then PC2 replies the ARP broadcast that it received specifying it's MAC with the associated IP. When both the PCs knows where the MAC of each of the particular IP resides, then the rest of communication can begin. Here the role of switch is important, because at the same time during, the sending and receiving of the ARP request, by analyzing the frame, switches learns which MAC address resides at which of it's Port. So therefore, redirecting the traffic only at specific port of the received MAC address in the FRAME.

So here PC3 will not receive any ICMP messages, because Switch will only forward FRAME to the destination MAC address it receives.

Capture from PC2:

Capture from PC3 till the transmission of whole ICMP messages:

SO PC3 only received one ARP broadcast during the whole conversation, and That's it. It 'll not receive any other frames which aren't destined for it. Unlike HUB

Our Best Hacking & Security Guides

New Null Byte posts — delivered straight to your inbox.

Be the First to Respond

Share Your Thoughts

  • Hot
  • Active