[61967] in North American Network Operators' Group
Re: Some very strange network behaviors
daemon@ATHENA.MIT.EDU (Crist Clark)
Thu Sep 11 17:51:12 2003
Date: Thu, 11 Sep 2003 14:49:56 -0700
From: Crist Clark <crist.clark@globalstar.com>
To: Gregory Hicks <ghicks@cadence.com>
Cc: mike@rockynet.com, nanog@merit.edu
Reply-To: crist.clark@globalstar.com
Errors-To: owner-nanog-outgoing@merit.edu
Gregory Hicks wrote:
>
> > Date: Thu, 11 Sep 2003 13:35:37 -0700
> > From: Crist Clark <crist.clark@globalstar.com>
> >
> > Mike Lewinski wrote:
> > >
> [...snip...]
> > OS's IP stack is misbehaving badly, Zone Alarm should not see the traffic
> > on the LAN that does not have his MAC address on it.
> >
> > How would a switch/router be deciding that these other IP addresses
> > should go to his PC's NIC (MAC address)?
>
> Unless the switch got confused when the MAC address changed as it
> did...? Then the switch would go into "broadcast" or "flood" mode
> where every packet is delivered to evey port because the switch doesn't
> know where to send it.
Even if a switch floods all ports, it does not change the fact the packet
will not have the correct MAC address and his NIC should never pass it
up the stack. Switches do not rewrite the Ethernet addresses on packets.
--
Crist J. Clark crist.clark@globalstar.com
Globalstar Communications (408) 933-4387
