-1

Consider the following: I have a device which sends UDP messages to another device, both on the same switch. The UDP messages are not sent as a broadcast. Now I want to listen to these UDP messages with a third device, also connected to the same switch.

Now I have to choose the right switch, and I'm not sure if I've missed something: is it correct that the UDP messages are sent out through all ports of the switch anyway, since a Layer 2 switch doesn't know anything about addresses? Or in other words: can I use any Layer 2 switch, managed or unmanaged, as long as all devices are in the same subnet?

Thanks for your help! Simon

simon
  • "_Is it correct that the UDP messages anyway are sent troughout all ports of the switch since a Layer2 switch doesn't know anything about addresses._" No. Layer-2 switches know about layer-2 addresses, and they deliver the layer-2 frames only to the interface where the destination layer-2 address is connected. – Ron Maupin Nov 04 '21 at 15:45
  • UDP has nothing to do with [tag:osi]. – user207421 Feb 28 '22 at 00:36

1 Answer

0

I think you're misunderstanding how layer 2 works in the TCP/IP model.

If a UDP datagram is sent to a specific machine on the network, its layer 2 address should be the destination's MAC address, and the switch will send it only to this machine as long as it has the MAC address in its CAM table (MAC address <-> physical port association), which should be the case as long as the machine is active on the network.

If you want to intercept packets between two machines, you can either mirror the physical port on the switch to copy the information received by this port, or perform an ARP cache poisoning attack on the local network, which will allow you to receive all traffic from one machine to another, also known as a MITM attack (man in the middle), which is quite easy to produce on a Linux machine.

elalitte
  • Thanks for your response. Port mirroring is the key then. A question on that: if I mirror all traffic from e.g. port 1 to port 2, would I still be able to use the device on port 2 for other things, e.g. connecting to the internet, or is the communication on that port then just unidirectional? – simon Nov 08 '21 at 10:38
  • I think it depends on the switch capacity. The only switch I worked with couldn't do it as the mirroring port had the exact same configuration as the first port, but I see no reason why it shouldn't be possible. – elalitte Nov 09 '21 at 11:22
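The forwarding behaviour the answer describes (a learned destination MAC goes to exactly one port, an unknown or broadcast destination is flooded, and a mirror/SPAN port receives a copy) is easy to see in a small simulation. The code below is an added example written for this thread, not code from the original post or any switch vendor; the MAC addresses, the port layout (sender on port 1, receiver on port 2, the listening device on port 3) and the simple ingress-only mirror model are constructed assumptions. Real switches also age CAM entries, handle VLANs and can mirror egress traffic, which this model leaves out.

```python
"""Simulation of a MAC-learning layer 2 switch with an optional SPAN (mirror) port.

Added example for the question above; not the original poster's code and not a
vendor implementation. Addresses and port numbers below are constructed.
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    # Everything above layer 2 (IP header, UDP header, payload) is opaque to
    # the switch; it is carried here only so the reader can label the traffic.
    payload: str


@dataclass
class LearningSwitch:
    num_ports: int
    cam: dict = field(default_factory=dict)      # MAC address -> port number
    mirror: dict = field(default_factory=dict)   # monitored port -> SPAN port

    def forward(self, ingress_port: int, frame: Frame) -> list:
        """Return the sorted list of ports that receive a copy of this frame."""
        # Learn: the source MAC was seen arriving on this port.
        self.cam[frame.src_mac] = ingress_port

        if frame.dst_mac == BROADCAST or frame.dst_mac not in self.cam:
            # Unknown unicast or broadcast: flood to every port except the one
            # the frame came in on. This is the only case where a third device
            # sees unicast traffic on an ordinary, unmirrored port.
            egress = {p for p in range(1, self.num_ports + 1) if p != ingress_port}
        else:
            # Known unicast: deliver only to the port where the destination lives.
            egress = {self.cam[frame.dst_mac]}
            egress.discard(ingress_port)   # never send a frame back out its own port

        # Port mirroring: copy everything received on a monitored port to the
        # configured SPAN port, regardless of the normal forwarding decision.
        if ingress_port in self.mirror:
            egress.add(self.mirror[ingress_port])
        return sorted(egress)


def run_scenario() -> dict:
    """Walk through the situation from the question: A sends UDP to B, C wants to listen."""
    a_mac = "aa:aa:aa:aa:aa:01"   # constructed: device A on port 1 (UDP sender)
    b_mac = "aa:aa:aa:aa:aa:02"   # constructed: device B on port 2 (UDP receiver)
    sw = LearningSwitch(num_ports=4)   # device C listens on port 3, port 4 is empty
    udp = "UDP 10.0.0.1:5000 -> 10.0.0.2:5000"   # constructed payload label

    results = {}
    # 1. B has not transmitted yet, so its MAC is unknown: the frame is flooded
    #    and C (port 3) does see this first datagram.
    results["first_unknown_dst"] = sw.forward(1, Frame(a_mac, b_mac, udp))
    # 2. B answers (for example an ARP reply or its own datagram); the switch
    #    learns B is on port 2. A is already known, so only port 1 gets it.
    results["reply_from_b"] = sw.forward(2, Frame(b_mac, a_mac, "any frame from B"))
    # 3. From now on A -> B unicast goes to port 2 only; C sees nothing.
    results["steady_state"] = sw.forward(1, Frame(a_mac, b_mac, udp))
    # 4. Broadcasts (e.g. ARP requests) still reach everyone.
    results["broadcast"] = sw.forward(1, Frame(a_mac, BROADCAST, "ARP who-has 10.0.0.2"))
    # 5. Configure a SPAN session: mirror port 1 to port 3 (the listening device).
    sw.mirror[1] = 3
    results["mirrored"] = sw.forward(1, Frame(a_mac, b_mac, udp))
    return results


if __name__ == "__main__":
    for step, ports in run_scenario().items():
        print(f"{step:>18}: delivered to ports {ports}")
```

Running the script shows why the question's premise does not hold on a switch: after the receiver has sent a single frame, the unicast UDP traffic reaches only its port, and the listening device on port 3 gets a copy only once a mirror session is configured (or, transiently, while the destination MAC is still unknown to the CAM table).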