Networking, security

Posted on 2012-09-21
Medium Priority
Last Modified: 2012-09-21
A previous thread suggested that, since a NIC in promiscuous mode receives packets destined to other nodes in addition to its own node, provided these other nodes are contained in the same broadcast domain (defined as a set of interconnected nodes on one or multiple switches or hubs), a sniffer on the node with the promiscuous NIC could endanger the security of the network.

I am confused about one thing. I see this happening with nodes on a hub, as the packets are sent to each node (which opens the possibility of collisions).

However, with a switch, only packets destined for each node are routed to that node from the switch. This would prevent collisions. However, wouldn't that mean that a promiscuous NIC on a node on a switch can only 'see' or 'sniff' packets destined to that individual node, not other nodes on the broadcast domain?

Question by:Los Angeles1
LVL 68

Accepted Solution

woolmilkporc earned 2000 total points
ID: 38423720
It depends on the type of "switch" and its configuration.

Layer-2 switches ("Bridges" should be a more appropriate term) are not aware of the higher level protocols.

Layer 2 works on MAC addresses exclusively so if you don't have a switch that is able to analyze the higher protocol levels all NICs connected to that particular switch receive all packets, and can pass them to the CPU if in promiscuous mode.

The use of Layer-2 bridges is almost out of fashion today, and the layer 3 functionality of modern switches actually prevents sniffing, if they are configured to actually work on that layer.

I thought I already mentioned this functionality in the thread you're referring to in your question...

Author Closing Comment

by:Los Angeles1
ID: 38423741
Yes, you had mentioned that L3 allowed separation. Did not connect the dots.
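The hub-versus-switch case raised in the question can be modelled in a few lines. This is an added example, not code from any poster in the thread; it assumes a hub that repeats every frame and a switch doing standard transparent-bridge MAC learning, and the port numbers, MAC names and traffic are constructed sample data.

```python
# Added illustration: which frames reach a promiscuous NIC on a hub vs. a
# MAC-learning switch. Port numbers and MAC names are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]

class LearningSwitch(Hub):
    """Learns source MAC -> port; floods only broadcast or unknown destinations."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port              # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]  # deliver to one port only
        return super().forward(in_port, src, dst)   # flood like a hub

def frames_seen(device, traffic, sniffer_port):
    """Frames delivered to the port where the promiscuous NIC is attached."""
    return [(src, dst) for in_port, src, dst in traffic
            if sniffer_port in device.forward(in_port, src, dst)]

# Constructed traffic: hosts A (port 1) and B (port 2) talk; the sniffer is on port 3.
TRAFFIC = [
    (1, "mac-A", BROADCAST),  # A broadcasts (for example an ARP request)
    (2, "mac-B", "mac-A"),    # B replies to A
    (1, "mac-A", "mac-B"),    # A -> B unicast
    (2, "mac-B", "mac-A"),    # B -> A unicast
]

if __name__ == "__main__":
    for dev in (Hub([1, 2, 3]), LearningSwitch([1, 2, 3])):
        seen = frames_seen(dev, TRAFFIC, sniffer_port=3)
        print(type(dev).__name__, "delivers", len(seen), "of",
              len(TRAFFIC), "frames to port 3")
```

In this model the promiscuous NIC on port 3 receives every frame behind the hub, but behind the learning switch it receives only the broadcast, because the unicast frames are delivered to the learned port alone.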
