Networking, security

A previous thread suggested that a NIC in promiscuous mode receives packets destined for other nodes in addition to its own node, provided those other nodes are in the same broadcast domain (defined as a set of interconnected nodes on one or more switches or hubs), and that a sniffer on the node with the promiscuous NIC could therefore endanger the security of the network.

I am confused about one thing.  I see this happening with nodes on a hub, as the packets are sent to each node (which opens the possibility of collisions).

However, with a switch, only packets destined for each node are forwarded to that node by the switch.  This would prevent collisions.  However, wouldn't that mean that a promiscuous NIC on a node on a switch can only 'see' or 'sniff' packets destined for that individual node, not for other nodes in the broadcast domain?

Los Angeles1 Asked:
woolmilkporc Commented:
It depends on the type of "switch" and its configuration.

Layer-2 switches ("bridges" would be a more appropriate term) are not aware of the higher-level protocols.

Layer 2 works on MAC addresses exclusively, so if you don't have a switch that is able to analyze the higher protocol levels, all NICs connected to that particular switch receive all packets and can pass them to the CPU if in promiscuous mode.

The use of Layer-2 bridges is almost out of fashion today, and the Layer-3 functionality of modern switches actually prevents sniffing, if they are configured to work on that layer.

I thought I had already mentioned this functionality in the thread you're referring to in your question...
Los Angeles1 Author Commented:
Yes, you had mentioned that L3 allowed separation.  I did not connect the dots.
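The following is an added example, not code from the thread or from either participant. It models the two media the question contrasts: a hub, which repeats every frame to every port, and a learning Layer-2 switch, which records the source MAC of each frame per port, forwards a known unicast destination to that one port, and floods broadcast, multicast and unknown-unicast frames to all other ports. On top of that it models the NIC's own receive filter, which in non-promiscuous mode accepts only frames addressed to its MAC or to a group address. The hosts, MACs, port numbers and traffic below are constructed for the example.

```python
"""
Constructed model: what a promiscuous NIC receives on a hub vs a switch.
Assumptions (this example's, not the thread's): the switch is a plain
learning bridge with no port mirroring, the hub repeats everything, and
the sniffer host sends one broadcast first so the switch learns its port.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str      # source MAC
    dst: str      # destination MAC
    payload: str  # label used to identify the frame in results


def is_multicast(mac: str) -> bool:
    # Bit 0 of the first octet marks a group address; the all-ones
    # broadcast address is just the special case of that rule.
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Hub:
    ports: dict  # port number -> MAC of the attached host

    def deliver(self, ingress: int, frame: Frame) -> set:
        # A hub repeats the signal to every other port, unconditionally.
        return {p for p in self.ports if p != ingress}


@dataclass
class Switch:
    ports: dict
    mac_table: dict = field(default_factory=dict)  # MAC -> port, learned

    def deliver(self, ingress: int, frame: Frame) -> set:
        self.mac_table[frame.src] = ingress  # learn where the sender is
        if is_multicast(frame.dst) or frame.dst not in self.mac_table:
            # broadcast, multicast and unknown unicast are flooded
            return {p for p in self.ports if p != ingress}
        out = self.mac_table[frame.dst]
        return set() if out == ingress else {out}  # known unicast: one port


def nic_accepts(own_mac: str, frame: Frame, promiscuous: bool) -> bool:
    # Promiscuous mode disables the hardware address filter; otherwise the
    # NIC keeps only its own unicast and group-addressed frames.
    return promiscuous or frame.dst == own_mac or is_multicast(frame.dst)


def sniff(device, sniffer_port: int, promiscuous: bool, traffic) -> list:
    """Return the payload labels the sniffer's NIC hands to the CPU."""
    own_mac = device.ports[sniffer_port]
    seen = []
    for ingress, frame in traffic:
        if sniffer_port in device.deliver(ingress, frame):
            if nic_accepts(own_mac, frame, promiscuous):
                seen.append(frame.payload)
    return seen


# Constructed topology: A on port 1, B on port 2, the sniffer S on port 3.
MAC_A, MAC_B, MAC_S = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
PORTS = {1: MAC_A, 2: MAC_B, 3: MAC_S}

# Constructed traffic as (ingress port, frame), in order.
TRAFFIC = [
    (3, Frame(MAC_S, BROADCAST, "sniffer-arp")),  # S announces itself
    (1, Frame(MAC_A, BROADCAST, "arp-request")),  # A: who has B?
    (2, Frame(MAC_B, MAC_A, "arp-reply")),        # B -> A (A already learned)
    (1, Frame(MAC_A, MAC_B, "secret")),           # A -> B (B already learned)
    (1, Frame(MAC_A, MAC_S, "for-sniffer")),      # A -> S (S already learned)
]

if __name__ == "__main__":
    print("switch, promiscuous:", sniff(Switch(PORTS), 3, True, TRAFFIC))
    print("hub, promiscuous:   ", sniff(Hub(PORTS), 3, True, TRAFFIC))
    print("hub, normal NIC:    ", sniff(Hub(PORTS), 3, False, TRAFFIC))
```

Run as a script it shows that on the hub the promiscuous sniffer gets every frame, including the A-to-B "secret" unicast, while on the learning switch it gets only the broadcast and the unicast addressed to itself, which is exactly the set a non-promiscuous NIC on a hub would have accepted anyway. A switched port only yields other hosts' unicast traffic when the switch floods it (destination not yet learned, or the MAC table otherwise unable to pin it to one port) or when the port is deliberately configured to mirror traffic; neither is shown here.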
Question has a verified solution.