Prevent unwanted computers from connecting to your wireless network

 

How network works - Network switches and broadcast packets.

Network switches - A network switch is an Ethernet device that can divide an Ethernet network into different zones. Within one zone all computers will see each other's traffic, but traffic crosses into a zone from outside only when it is aimed at a computer in that zone.


Computers on a switched network


This picture shows a switch that divides the network into two zones. When computers on one side of the switch communicate with each other, the switch will not forward their traffic to the other side. The switch keeps track of where computers are connected to the bus based on their MAC-addresses and only forwards traffic if the computers that communicate are in different zones, in this case on opposite sides of the switch. Devices on an Ethernet network will not detect or notice the network switches. For computers the switches are transparent.


There are a lot of theories on how to divide a network into zones to get the best network capacity and bandwidth utilization. We will not explain these theories here. Instead we have reached the point where it is time to describe broadcast packets.


A network switch keeps track of the computers connected behind it, and only data packets that have their destination MAC-address set to a computer behind the switch are forwarded to the computers behind the switch. This is true for most cases, but not all.


When a computer tries to connect to a network it sends out broadcast packets. Broadcast packets have no specific destination address. Instead the broadcast packets are meant for all computers on the network. A connecting computer sends those packets to inform all the other computers on the network that it is about to become part of the network. Switches forward these broadcast packets to all computers behind them.


Broadcast packets, a way to get attention. - When a new computer connects to the network it has to let the other computers know it is there. The new computer has no idea which other computers are already there. The computers already on the network have no way of telling that a new computer has connected to the network. The new computer therefore sends out several broadcast packets.


All computers listen for broadcast packets. These broadcast packets are sent at the Ethernet level and the new computer puts its own MAC-address as the sender MAC-address. But since the new computer does not know which MAC-addresses are used by the other computers, it sets the destination MAC-address to all "1"s (broadcast destination address 0xFF-FF-FF-FF-FF-FF).


Switches recognize the destination MAC-address as a broadcast address and forward the packet to the zone behind the switch, since the switch cannot tell which MAC-address the packet is meant for. This means that a computer that sends out a broadcast packet can rely on all the other computers and network devices on the network receiving the broadcast packet, even if the network is divided into zones by switches.

Of course this is not one hundred percent true, since there is something today called Virtual LAN, but let's get back to that later. For now we assume that all computers on a local network will receive these broadcast packets. Let's also mention that broadcast packets are not only sent when a computer connects to the network. Broadcast packets are sent now and then for other purposes. Typically a computer sends out a broadcast packet every third minute.



How will LANeye benefit from this?

LANeye will detect all computers and other network devices that sit on the same local network, even if the network is divided by switches into several zones, because broadcast packets are forwarded by the switches.


For LANeye, broadcast packets play an important role. In a network without switches LANeye could see all traffic from every computer. If LANeye is run on a computer in a switched network, it will only be able to see the traffic within the local switch zone, but because broadcast packets are forwarded by the switches it will still see broadcast packets from the whole network and not only from its own switch zone. When a new computer connects to the network it has to, due to the nature of the network, send out broadcast packets to become part of the network. LANeye will therefore detect an intrusion at the same moment as a new computer tries to connect.
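
The detection idea described above, as an added example (this is not LANeye's code): parse the Ethernet header of each captured frame, keep only frames addressed to FF-FF-FF-FF-FF-FF, and report sender MAC-addresses that are missing from an inventory. The function names, the inventory and the sample frames are all constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6  # destination FF-FF-FF-FF-FF-FF

def fmt_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)

def parse_ethernet(frame):
    """Return (dst, src, ethertype) from an Ethernet II header, or None if truncated."""
    if len(frame) < 14:
        return None
    return struct.unpack("!6s6sH", frame[:14])

def new_devices(frames, known_macs):
    """Return sender MACs of broadcast frames that are not in the inventory, in order seen."""
    seen = {m.upper() for m in known_macs}
    alerts = []
    for frame in frames:
        header = parse_ethernet(frame)
        if header is None:
            continue  # too short to carry an Ethernet header
        dst, src, _ethertype = header
        if dst != BROADCAST:
            continue  # unicast: a monitor in another switch zone cannot rely on seeing it
        mac = fmt_mac(src)
        if mac not in seen:
            seen.add(mac)  # report each unknown sender once
            alerts.append(mac)
    return alerts

def make_frame(dst, src, ethertype=0x0806):
    """Build a constructed frame: 14-byte header plus zero padding (0x0806 is ARP)."""
    to_bytes = lambda mac: bytes.fromhex(mac.replace("-", ""))
    return to_bytes(dst) + to_bytes(src) + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample data (locally administered MAC-addresses, not real devices).
KNOWN = ["02-00-00-00-00-01", "02-00-00-00-00-02"]
SAMPLE_FRAMES = [
    make_frame("FF-FF-FF-FF-FF-FF", "02-00-00-00-00-01"),  # known host broadcasts
    make_frame("02-00-00-00-00-02", "02-00-00-00-00-77"),  # unknown host, unicast only
    make_frame("FF-FF-FF-FF-FF-FF", "02-00-00-00-00-99"),  # unknown host broadcasts
    make_frame("FF-FF-FF-FF-FF-FF", "02-00-00-00-00-99"),  # same host again
    b"\xff\xff\xff",                                        # truncated frame
]

if __name__ == "__main__":
    for mac in new_devices(SAMPLE_FRAMES, KNOWN):
        print("new device seen via broadcast:", mac)
```

The unicast-only sender in the sample is deliberately not reported: it models a host whose traffic stays inside another switch zone until it broadcasts.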



Learn about MAC-addresses and IP-addresses in the next section.





Copyright 2003-2014 ProPrat, Stockholm Sweden  |  www.proprat.com