Frank Knobbe wrote:
>
> The loopback on the LAN side causes the switch to
> receive all packets it sends out. That triggers some switches into
> behaving like a hub. Use at your own risk.
Now that is interesting. I wonder which of two scenarios is
occurring:
1) Broadcast packets are forwarded and thus read back through the
same port. This registers that port in the MAC table for all
MAC addresses that send broadcast traffic. Hence, you wouldn't
see traffic for MACs that don't send broadcast traffic (few
and far between, eh?) and you might lose the ability to see
traffic after a timeout following a broadcast flushes the MAC
from the table.
2) Regurgitating all the MAC addresses from the broadcasts fills
up the MAC table or the switch simply can't handle the same
MAC on multiple ports...either way in resulting in the whole
switch turning into a hub.
Can you sniff packets on other ports using a normal cable when this
turnaround cable is installed?
--
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/info-security/engineering/protecting_yourself.shtml
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
