From owner-freebsd-hackers Wed Jul 21 0:34:34 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
	by hub.freebsd.org (Postfix) with ESMTP id A725A14E7B
	for ; Wed, 21 Jul 1999 00:34:32 -0700 (PDT)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id AAA25177;
	Wed, 21 Jul 1999 00:33:31 -0700 (PDT)
	(envelope-from dillon)
Date: Wed, 21 Jul 1999 00:33:31 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199907210733.AAA25177@apollo.backplane.com>
To: Jaye Mathisen
Cc: Modred , Vincent Poy , sthaug@nethelp.no, leifn@neland.dk, freebsd-hackers@FreeBSD.ORG
Subject: Re: poor ethernet performance?
References:
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

:Perhaps I'm missing something obvious, but since switches forward packets
:selectively per port, I would think it would be hard to sniff packets on
:any port, w/o administrative access to the switch to tell it to mirror
:data to a different port.
:
:ie, if I'm plugged into port 1, I can't see traffic on a switch on port 2
:except for broadcast traffic...

The switch routes traffic based on its ARP cache. While you cannot
easily monitor another port's traffic, you can take over its MAC address
and steal its traffic.

Cisco VLANs perform a different function. Remember that a logical
ethernet segment is typically routed by a single network route. For
example, a class C or a subnetted class C. The Catalyst allows you to
throw machines into different VLAN buckets which, in addition to the
better security, allows you to assign separate subnets to each bucket.
The switch itself doesn't care, but this can reduce global ARP traffic
significantly. Catalysts can have hundreds of ports stuffed into them.

-Matt
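
Added example, not part of the original message: a switch relearns which port a MAC address lives on from the source address of arriving frames, so the takeover described above shows up on the switch as one MAC moving back and forth between ports. The sketch below flags that pattern; the event format, the sample values, and the names `SAMPLE_EVENTS` and `find_flapping_macs` are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, source MAC, ingress port) learn events, as a
# switch might export them. Values are illustrative, not from a real device.
SAMPLE_EVENTS = [
    (0,   "00:a0:c9:11:22:33", 1),
    (5,   "00:a0:c9:44:55:66", 2),
    (30,  "00:a0:c9:44:55:66", 1),  # port 2's MAC now seen on port 1
    (31,  "00:a0:c9:44:55:66", 2),  # legitimate host transmits, moves back
    (33,  "00:a0:c9:44:55:66", 1),
    (400, "00:a0:c9:11:22:33", 3),  # one isolated move: host was re-cabled
]


def find_flapping_macs(events, window=60, min_moves=2):
    """Return {mac: sorted ports} for every MAC that changed port at least
    `min_moves` times within `window` seconds."""
    last_port = {}
    moves = defaultdict(list)  # mac -> [(time, old_port, new_port)]
    for ts, mac, port in sorted(events):
        mac = mac.lower()
        prev = last_port.get(mac)
        if prev is not None and prev != port:
            moves[mac].append((ts, prev, port))
        last_port[mac] = port

    flagged = {}
    for mac, mv in moves.items():
        start = 0  # left edge of a sliding window over the move timestamps
        for end in range(len(mv)):
            while mv[end][0] - mv[start][0] > window:
                start += 1
            if end - start + 1 >= min_moves:
                ports = {p for _, old, new in mv[start:end + 1] for p in (old, new)}
                flagged[mac] = sorted(ports)
                break
    return flagged


if __name__ == "__main__":
    for mac, ports in find_flapping_macs(SAMPLE_EVENTS).items():
        print(f"MAC {mac} is flapping between ports {ports}")
```

A single move, like the re-cabled host in the sample, is normal; repeated moves inside a short window are what separate contention for an address from ordinary relocation.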