Networking, security

Posted on 2012-09-21
Last Modified: 2012-09-21
A previous thread suggested that a NIC in promiscuous mode receives packets destined to other nodes in addition to its own node, provided these other nodes are contained in the same broadcast domain (defined as a set of interconnected nodes on one or multiple switches or hubs), and thus a sniffer on the node with the promiscuous NIC could endanger the security of the network.

I am confused about one thing. I see this happening with nodes on a hub, as the packets are sent to each node (which opens the possibility of collisions).

However, with a switch, only packets destined for each node are routed to that node from the switch. This would prevent collisions. However, wouldn't that mean that a promiscuous NIC on a node on a switch can only 'see' or 'sniff' packets destined to that individual node, not other nodes on the broadcast domain?

Question by:Los Angeles1

    Accepted Solution

    It depends on the type of "switch" and its configuration.

    Layer-2 switches ("Bridges" should be a more appropriate term) are not aware of the higher level protocols.

    Layer 2 works on MAC addresses exclusively, so if you don't have a switch that is able to analyze the higher protocol levels, all NICs connected to that particular switch receive all packets, and can pass them to the CPU if in promiscuous mode.

    The use of Layer-2 bridges is almost out of fashion today, and the layer 3 functionality of modern switches actually prevents sniffing, if they are configured to actually work on that layer.

    I thought I already mentioned this functionality in the thread you're referring to in your question...

    Author Closing Comment

    by:Los Angeles1
    Yes, you had mentioned that L3 allowed separation.  Did not connect the dots.
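
The hub-versus-switch behaviour raised in the question, as an added example that is not part of the original thread: a small Python simulation of a hub and of a switch that forwards by learned MAC address, reporting which frames reach a promiscuous NIC on a third port. The class names, port numbers, MAC addresses and traffic are constructed for the illustration.

```python
# Added illustration (constructed, not from the thread): which frames reach a
# promiscuous NIC on port 3 behind a hub versus a MAC-learning switch.
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"  # constructed MACs


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Learns source MAC -> port; floods only broadcast and unknown unicast."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port            # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:  # flood: nothing better known
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]


def frames_seen(device, frames, sniffer_port):
    """Return the (src, dst) pairs delivered to the promiscuous port."""
    return [(src, dst) for in_port, src, dst in frames
            if sniffer_port in device.forward(in_port, src, dst)]


# Constructed traffic: (ingress port, source MAC, destination MAC)
FRAMES = [
    (1, HOST_A, HOST_B),     # B not learned yet -> switch floods
    (2, HOST_B, HOST_A),     # A already learned -> port 1 only
    (1, HOST_A, HOST_B),     # B now learned     -> port 2 only
    (1, HOST_A, BROADCAST),  # broadcast         -> always flooded
]

if __name__ == "__main__":
    for dev in (Hub([1, 2, 3]), LearningSwitch([1, 2, 3])):
        seen = frames_seen(dev, FRAMES, sniffer_port=3)
        print(f"{type(dev).__name__}: {len(seen)} of {len(FRAMES)} frames seen")
```

On the hub the third port receives every frame; on the learning switch it receives only the flooded ones (the first unknown-unicast frame and the broadcast), which is why ARP and other broadcast traffic remains visible to every port in the broadcast domain.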
