-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Gary flynn [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 24, 2000 3:08 PM
>
> 1) Broadcast packets are forwarded and thus read back through the
> same port. This registers that port in the MAC table for all
> MAC addresses that send broadcast traffic. Hence, you wouldn't
> see traffic for MACs that don't send broadcast traffic (few
> and far between, eh?) and you might lose the ability to see
> traffic after a timeout following a broadcast flushes the MAC
> from the table.
With the switch sitting next to me (Linksys EtherFast 10/100, 8 port)
that is indeed the case. Specifically, after a while I can still see
all traffic passing through, and broadcasts, but other machines seem
to drop off after ARP entries in their tables time-out. It appears
that the switch receives their ARP requests, but never forwards them,
except for the port with the funky cable attached. Thus other
machines don't respond and the requester never get their ARP packets,
resulting in loss of IP. Interestingly, hosts with static ARP entries
seem to work fine.
> 2) Regurgitating all the MAC addresses from the broadcasts fills
> up the MAC table or the switch simply can't handle the same
> MAC on multiple ports...either way in resulting in the whole
> switch turning into a hub.
> Can you sniff packets on other ports using a normal cable when this
> turnaround cable is installed?
Tested this, and no, other ports are not hub-erized. I had a machine
in port A constantly ping a machine in port B. Port C had the cable
and sniffer attached, and was able to monitor all traffic. Port D had
a normal cable and a sniffer attached, and only saw packets to/from
itself.
Doesn't look like this cable works on all equipment. (I had
originally created it to sniff on hubs while at the same time
preventing the sniffer to leak information into the network).
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.
iQA/AwUBOfYOpkRKym0LjhFcEQJ3YwCfeZ4YIC/9XRFevx1Q3QN8wVT9dyIAnjRA
BHYwWINGzdV0nTQRRNNaD8+k
=7qtI
-----END PGP SIGNATURE-----
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
