From owner-freebsd-hackers Wed Jul 21 11:55:14 1999 Delivered-To: freebsd-hackers@freebsd.org Received: from jane.lfn.org (dean.charbonnet.net [209.16.92.8]) by hub.freebsd.org (Postfix) with SMTP id 40E8F14FFC for ; Wed, 21 Jul 1999 11:55:10 -0700 (PDT) (envelope-from caj@lfn.org) Received: (qmail 2777 invoked by uid 100); 21 Jul 1999 18:55:05 -0000 Date: Wed, 21 Jul 1999 13:55:05 -0500 (CDT) From: Craig Johnston To: Jaye Mathisen Cc: Modred , Vincent Poy , sthaug@nethelp.no, leifn@neland.dk, freebsd-hackers@FreeBSD.ORG Subject: Re: poor ethernet performance? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 20 Jul 1999, Jaye Mathisen wrote: > > Perhaps I'm missing something obvious, but since switches forward packets > selectively per port, I would think it would be hard to sniff packets on > any port, w/o administrative access to the switch to tell it to mirror > data to a different port. You can definitely do it with ARP games. I was playing with this and I ran into an interesting phenomena -- perhaps someone more familiar with the workings of switches could explain. What I was doing was having one machine send out bogus ARPs to all the machines on the network except the victim, telling them the victim was at a nonexistent MAC address. The switch would broadcast packets for this MAC address because it didn't know where it was. I would then rewrite the MAC address in the ethernet header and put the packet back on the wire so the victim would get it. Interesting part was, not only did traffic for my bogus MAC get broadcast, apparently so did ALL traffic. !! This brought the 100Mbit switch to its knees. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message