[techtalk] router/switch question

Tania M. Morell tmorell at myquadrant.net
Fri Feb 8 00:29:20 EST 2002


----- Original Message -----
From: "Raven, corporate courtesan" <raven at oneeyedcrow.net>
>
> It may be the app, too.  (I forget what you said you were doing
> when you saw all that activity.)  Can you run the app on a different
> machine and see if you see the same behaviour?  If so, the app is
> probably just one that uses a lot of broadcasts, and that's why
> you're seeing that activity everywhere.

I was first downloading/installing ximian and later downloading openssh3...
the activity went on throughout the whole time it took to do these things.

>
> Switches 101:  Switches are often called smart hubs.  This is
> because they learn where devices are (MAC address/IP address blah is off
> port foo) by listening to frames they receive.  So, if they get a frame
> from MAC address foo on port 1 destined for MAC address bar, they store
> the knowledge that MAC address foo is off port 1 in their forwarding
> table.  The next time they have a frame for foo, they can only send it
> out of port 1 rather than spamming all ports with it.  (If switches
> receive a frame for an unknown MAC address, they'll generally forward it
> out all ports except the one it came in on.)  As they pass frames, they
> learn where the devices on the local network are, and they send less
> frames to all ports, and more for the particular port that connects to
> the destination device.

yeah, i know.   this computer is connected to a linksys router which is then
connected to the switch. One possible theory could be that switch doesn't
recognise the mac address of the computer since it's not connected directly
to the switch.  .. but this doesn't make sense since my brother's computer
(winxp machine also connected to the router) does not cause this type of
activity.

> exception to this -- broadcast frames.  These are frames
> that are *supposed* to go to everyone on the local subnet (a division of
> IP space).  So broadcast frames will appear on every port except the one
> they came in on, every time.  It sounds like this is what's happening
> with your setup.  Broadcast frames have many uses for protocol designers
> -- find all machines on the local network, send a message to all (Router
> going down in five minutes!), search for a particular computer that you
> know is connected but don't know where it is (akin to shouting "Hello?
> Jane?" down every hallway until she shows up), announcing available
> services to other devices on a network (a la Novell servers and
> AppleTalk printers), things like that.

hmm.  i don't have a broadcast frame.

>
> Some applications are more broadcast-intensive than others.  It
> all depends on the software, the protocol stack, and how it was
> programmed.
>

I was only downloading stuff.  there was no running apps.  unless you want
to count netscape.
I have a w2k machine also on the network which had a virus last week. Do you
think there could be a virus that attacks stuff on the network? like a
sniffer or something.  I removed the virus (damned hard to do, btw requiring
several reboots into safe mode, etc) but i haven't had time to do much with
the activity causing server since.

> If any of this doesn't make sense, please ask.
>
> Cheers,
> Raven
>
>
> <NCC> Derek says, "anyone interested in buying a Game Cube?"
> <NCC> Path says, "joking?"
> <NCC> Robert says, "How much? : )"
> <NCC> Raven says, "Can I put Linux on it?"
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
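
The forwarding behaviour described in the quoted "Switches 101" text above (learn source addresses, flood unknown destinations, always flood broadcasts), as an added Python example that is not part of the original thread. The `LearningSwitch` class, the port numbers and the MAC addresses are constructed for illustration.

```python
# Added example: minimal model of a learning Ethernet switch (not from the thread).
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # forwarding table: source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame; return the sorted list of ports it is sent out of."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learn: the sender is reachable through the port the frame arrived on.
        if src != BROADCAST:
            self.table[src] = in_port
        # Broadcasts and unknown destinations go out of every port except ingress.
        if dst == BROADCAST or dst not in self.table:
            return sorted(self.ports - {in_port})
        out = self.table[dst]
        # Destination sits behind the ingress port already: nothing to forward.
        return [] if out == in_port else [out]

def run(frames, ports=(1, 2, 3, 4)):
    """Feed frames through a fresh switch; return per-frame egress ports and the table."""
    sw = LearningSwitch(ports)
    return [sw.receive(*f) for f in frames], sw.table

# Constructed sample traffic: (ingress port, source MAC, destination MAC).
FOO, BAR = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
PC, NEW = "00:00:00:00:00:0c", "00:00:00:00:00:0d"
FRAMES = [
    (1, FOO, BAR),        # bar not learned yet: flooded to 2, 3, 4
    (2, BAR, FOO),        # foo was learned on port 1: sent to port 1 only
    (1, FOO, BAR),        # bar is now known on port 2: sent to port 2 only
    (1, PC, BAR),         # second address behind port 1 (assumed downstream device)
    (2, BAR, PC),         # learned like any other: sent to port 1 only
    (1, PC, FOO),         # both ends behind port 1: filtered
    (3, NEW, BROADCAST),  # broadcast: every port except 3
    (3, NEW, BROADCAST),  # learning never reduces broadcast flooding
]

if __name__ == "__main__":
    results, table = run(FRAMES)
    for frame, out in zip(FRAMES, results):
        print(frame, "->", out)
    print("forwarding table:", table)
```
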



