Re: Is it really a HUB?

["Kristofer T. Karas" <ktk () enterprise bidmc harvard edu>]

Marc Quibell wrote:

> > as long as one keeps one's box from transmitting
> > any data, the hub/switch will not learn its MAC address, and should send
> > it everything.
>
> Actually, it will send it nothing at all....
>  

Thanks, but that doesn't really explain what is (or is not) going on.  
In particular, it still leaves questions in my head as to the ability of 
plugging several of these mini switches together to add ports.  Since 
they are not configurable as to network address space, they have no ARP, 
merely passively listening to learn MAC addresses (typically stored in a 
2K entry table) and routing based on that.  I think its algorithm is 
pretty simple: when a packet arrives on some port, note the MAC address 
in the table; when sending a packet to a MAC address in the table, send 
directly to the port number listed; if no entry exists in the table for 
the packet, send to all but the originating port.  Broadcast packets go 
to all ports because no single interface sends a packet with the 
wildcard ff:ff:ff:ff:ff:ff as its source MAC.  Since one can plug these 
devices into a large network with more unique MAC addresses than will 
fit in the table, there is no way the device could refuse to send 
packets prior to learning each and every MAC.

Am I missing something here?  If so, prithee, what?

Kris



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users