Solved

HTTP POST packets in broadcast

Posted on 2016-11-01
5
25 Views
Last Modified: 2016-11-02
Experts,

Do HTTP POST packets appear in a broadcast?

Suppose client-1 10.10.10.50/24 tries to authenticate to server 10.10.20.50/24 via HTTP.  
client-2 on 10.10.20.51/24 is sniffing the wire. Will the hTTP POST be broadcasted to client-2?
0
Comment
Question by:trojan81
  • 2
  • 2
5 Comments
 
LVL 7

Assisted Solution

by:James Bilous
James Bilous earned 250 total points
ID: 41868585
Yes, someone sniffing the wire could see the post packets being sent, which is why encryption is always recommended for authentication.
0
 
LVL 23

Accepted Solution

by:
Dr. Klahn earned 250 total points
ID: 41868593
HTTP packets are unicast to a specific address, not broadcast.

The interface on client 2 that is (presumably) in promiscuous mode sniffing the network will see the packet because it is in promiscuous mode.
0
 

Author Comment

by:trojan81
ID: 41868608
DR Khan, since the http packet is unicast to the server and not broadcast, explain how client-2 will always see the packet even in promiscuous mode
0
 
LVL 23

Expert Comment

by:Dr. Klahn
ID: 41868617
A network interface that is in promiscuous mode sees all traffic on its network.  This is how traffic sniffers work -- promiscuous mode works on any interface on any system.  There is no special hardware involved.
0
 
LVL 7

Expert Comment

by:James Bilous
ID: 41868624
I believe that this is more true for wireless than it is for ethernet. With the right MAC Address tables set up on intermediary routers between the source and destination machines, a node with a NIC in promiscuous mode does not necessarily see the traffic passed between the two. On wireless, all unicast packets can be seen by the NICS in transmission range.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now