Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

HTTP POST packets in broadcast

Posted on 2016-11-01
5
68 Views
Last Modified: 2016-11-02
Experts,

Do HTTP POST packets appear in a broadcast?

Suppose client-1 10.10.10.50/24 tries to authenticate to server 10.10.20.50/24 via HTTP.  
client-2 on 10.10.20.51/24 is sniffing the wire. Will the hTTP POST be broadcasted to client-2?
0
Comment
Question by:trojan81
  • 2
  • 2
5 Comments
 
LVL 8

Assisted Solution

by:James Bilous
James Bilous earned 250 total points
ID: 41868585
Yes, someone sniffing the wire could see the post packets being sent, which is why encryption is always recommended for authentication.
0
 
LVL 26

Accepted Solution

by:
Dr. Klahn earned 250 total points
ID: 41868593
HTTP packets are unicast to a specific address, not broadcast.

The interface on client 2 that is (presumably) in promiscuous mode sniffing the network will see the packet because it is in promiscuous mode.
0
 

Author Comment

by:trojan81
ID: 41868608
DR Khan, since the http packet is unicast to the server and not broadcast, explain how client-2 will always see the packet even in promiscuous mode
0
 
LVL 26

Expert Comment

by:Dr. Klahn
ID: 41868617
A network interface that is in promiscuous mode sees all traffic on its network.  This is how traffic sniffers work -- promiscuous mode works on any interface on any system.  There is no special hardware involved.
0
 
LVL 8

Expert Comment

by:James Bilous
ID: 41868624
I believe that this is more true for wireless than it is for ethernet. With the right MAC Address tables set up on intermediary routers between the source and destination machines, a node with a NIC in promiscuous mode does not necessarily see the traffic passed between the two. On wireless, all unicast packets can be seen by the NICS in transmission range.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A Change in PHP Behavior with Session Write Short Circuit (http://php.net/manual/en/book.session.php#116217) (Winter 2014)** With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note …
Introduction and Prerequisites This article describes methods for detecting whether a client browser accepts and returns HTTP cookies and whether the client browser runs JavaScript.  Most client browsers will, by default, be configured to use cooki…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question