- Posts: 16
- Thank you received: 0
NIC
18 years 2 weeks ago #18722
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
The only two states I know about are "promiscuous mode" and "non-promiscuous mode"
promiscuous mode allowes an interface to capture frames not destined to the it's own MAC address. In other words a host on promiscuous mode can take all the frames that passes through up to the Application layer, so sniffer sofware can view them.
Normally a host is on "non-promiscuous mode" so it can only see it's own traffic (frames that have the source or destination MAC the same as the host interface). Surley it can see broadcast traffic too.
On the other hand, A router interface has to be on "promiscuous mode" as far as I know.
Experts, Please correct me if I'm wrong.
promiscuous mode allowes an interface to capture frames not destined to the it's own MAC address. In other words a host on promiscuous mode can take all the frames that passes through up to the Application layer, so sniffer sofware can view them.
Normally a host is on "non-promiscuous mode" so it can only see it's own traffic (frames that have the source or destination MAC the same as the host interface). Surley it can see broadcast traffic too.
On the other hand, A router interface has to be on "promiscuous mode" as far as I know.
Experts, Please correct me if I'm wrong.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
18 years 2 weeks ago #18723
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Hi S0lo,
You are quite correct apart from the router part. I am pretty sure that the router still doesn't operate in premiscuous mode, simply because it would need to process every packet for that subnet which is unnecessary unless its a packet that needs to be routed.
I machine will check (using the subnet mask) to see if the packet is for its own subnet or needs to be routed. If it needs to be routed then it will send a unicast packet to the router using the routers MAC address, then the layer 2 MAC information is stripped and the next hop will be added to be routed onwards.
Etherent uses the CSMA/CD to detect a collision on the wire and then it will use a backoff algorithm to then make the two hosts that collided on the wire wait until it tries again.
You are quite correct apart from the router part. I am pretty sure that the router still doesn't operate in premiscuous mode, simply because it would need to process every packet for that subnet which is unnecessary unless its a packet that needs to be routed.
I machine will check (using the subnet mask) to see if the packet is for its own subnet or needs to be routed. If it needs to be routed then it will send a unicast packet to the router using the routers MAC address, then the layer 2 MAC information is stripped and the next hop will be added to be routed onwards.
Etherent uses the CSMA/CD to detect a collision on the wire and then it will use a backoff algorithm to then make the two hosts that collided on the wire wait until it tries again.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
18 years 2 weeks ago #18725
by TheBishop
For a discussion of CSMA/CD have a look at
www.firewall.cx/ethernet-media-access.php
18 years 2 weeks ago #18726
by S0lo
Thanks Smurf Yes, I forgot that the router does not need to see frames destined to other MACs in the same subnet, it only needs to route traffic that wants to go to another subnet, and that traffic surley has the MAC of the router since the router is the gateway.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
I machine will check (using the subnet mask) to see if the packet is for its own subnet or needs to be routed. If it needs to be routed then it will send a unicast packet to the router using the routers MAC address, then the layer 2 MAC information is stripped and the next hop will be added to be routed onwards.
Thanks Smurf Yes, I forgot that the router does not need to see frames destined to other MACs in the same subnet, it only needs to route traffic that wants to go to another subnet, and that traffic surley has the MAC of the router since the router is the gateway.
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
18 years 2 weeks ago #18727
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Although a bridge will forward all traffic, however it will only do this on Layer 2 and not pass any traffic further up the layers as bridges are not layer 3 aware.
Cheers
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.133 seconds