Some very strange network behaviors

• Previous message (by thread): Some very strange network behaviors
• Next message (by thread): Some very strange network behaviors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mike Lewinski wrote:
> 
> Christopher Bird wrote:
> 
> > This seems strange to me since they are arriving at an IP address that
> > is different from mine.
> 
> That's the function of a hub, and the reason why you don't ever want to
> send out sensitive information in plaintext. Your neighbor in the next
> room over could run a packet sniffer and capture your logins.

Yes and no. On a broadcast network, like Ethernet, you expect to see traffic
for other hosts. The issue here is that it looks like the traffic for these
other hosts was getting delivered to Christopher's link-layer address.

If he kicks his NIC into promiscuous mode and sees all of this traffic 
with a sniffer, then this is expected. That's the scenario you highlight.

If, OTOH, he's sitting there and traffic for other IP addresses is getting
delivered to his NIC with the NIC's MAC address in there, something strange
is going on. Unless he has his NIC switched to promiscuous mode and the
OS's IP stack is misbehaving badly, Zone Alarm should not see the traffic
on the LAN that does not have his MAC address on it.

How would a switch/router be deciding that these other IP addresses 
should go to his PC's NIC (MAC address)?
-- 
Crist J. Clark                               crist.clark at globalstar.com
Globalstar Communications                                (408) 933-4387

• Previous message (by thread): Some very strange network behaviors
• Next message (by thread): Some very strange network behaviors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]