Mac flooding attack, unicast and sniffer

Hi all

happy new year to all members of support forums!

If I am not mistaken in a switched environment a crowd will see all unicast (addressed directly to her), broadcast (in the same VLAN) and multicast frames (when membership in the multicast group).

Now consider that I run a MAC flooding attack on the switch in question. It fills the entire MAC table (8,000, 16,000 entries, no matter). Now, host A wants to connect to B (both on the same switch, same VLAN). Host A has the host host b MAC address in its arp table. A sends the packet, it happens on the switch (he learn not the port that the host is turned on, because the cam table is full), but he'll find no MAC address of host B as well (I know, it may be present, but assume that it is not). So because the host has the MAC address of host B I know more of that host A sends a unicast frame on. So the switch inspects its CAM table looking for MAC of host B and "said" I don't know where host B is, so let me send the frame / packet to all ports. Even if he she will send to all ports, it's still a unicast. Now, my question is (if all the foregoing is correct). When I run a sniffer on host c (connected to the same switch, even VLAN) will be able to see the package? Or do I have to activate the "Promiscuous" inside Wireshark mode?

Thank you in advance!

Adam

Hi Adam,.

But in the case of broadcast frames each host on the same VLAN saw, correct? Or should I always turn the promisc mode?

I guess you always ask the subject of sniffing and Wireshark. In this case, diffusion frames would be visible in Wireshark whatever the promisc mode setting.

So the frame comes with mac dest FF:FF:FF:FF:FF value and each host leans on the chassis, then the network layer and all hosts (but not the one with the IP address in question) drop the fames / package. OK, so I guess I'd still have active promisc

What you have described is a product of correct treatment of a broadcast frame including its load by the driver for the CARD and the driver of the intellectual property. However, Wireshark works at a fairly low level: it binds relatively close to the driver for the CARD. Each image that is received by a NETWORK card and handed over to the operating system for further processing is also copied in Wireshark. So even if the IP driver can know that the IP packet is for someone else, and he falls, Wireshark will nevertheless show the frame. The trick is in getting the NETWORK adapter to accept the framework in the first place. If the framework is to broadcast, the NETWORK adapter will accept it automatically. If the setting is unicast/multicast and you still want your NIC to accept it even if it is not planned for this particular NETWORK interface card, you must use promisc mode.

Please feel welcome to ask for more!

Best regards
Peter

Tags: Cisco Network

Similar Questions

I don't know what to do about Java - my Mac is horribly slow, and I was advised to remove Java. But now it will not open Photoshop without Java.

I don't know what to do about Java - my Mac is horribly slow, and I was advised to remove Java, it installs adware. The more I studied, the more information, I've seen say that most of the Web sites and software do not use Java on Mac more. So I deleted everything related with Java. But now it will not open Photoshop without Java. It will be safe if I get it directly from the Oracle site?

You can download the installer for OS X directly from Oracle. Be sure to uncheck everything installs 'optional' which can appear at the beginning (I think on Windows it wants to install McAfee trial or the toolbar Bing - not really malware, more as desired and useless crud-ware). I have a course Java JRE install on my MacBook Pro retina like some internal tools we have developed to work are currently java and I use a tool of u. Toronto called CytoScape is Java. Sites Web will use Java Script, a very different beast and does not require a full Java or JRE install. But with Java/JRE installed, just be sure of the source of any software that you download and install that is java based (as you should with all the software that you put on your machine).

In addition, for PhotoShop, it says that you need the legacy Java 6 for OS X? If so, then don't waste your time on the current version, just install that release 6 legacy.

I've just updated FF 14.0.1 (Mac 10.6.8) and now netflix won't work. He is asked to restart in 32-bit mode and I changed in the Get Info to 32-bit. No luck.

I've just updated FF 14.0.1 (Mac 10.6.8) and now netflix won't work. He is asked to restart in 32-bit mode and I changed in the Get Info to 32-bit. No luck.

Yes, I have the same problem. Silverlight 4 does not work in Firefox 14.0.1. Used to use only "restarting in 32-bit mode", but now, who is caught in a loop without end. Silverlight 5 will work, but the video is choppy so badly that it is very bad. I think it's a fall frames in all directions.
Someone needs to fix this problem yesterday.

I updated Firefox on my Mac (10.6.8), and now the story is not known (that option is checked) and the back button will not work. Help?

I updated Firefox on my Mac (10.6.8), and now the story is not known (that option is checked) and the back button will not work. Help?

One possible cause is a problem with the places.sqlite file that stores the bookmarks and history.
- http://KB.mozillazine.org/Bookmarks_history_and_toolbar_buttons_not_working_-_Firefox
- https://support.Mozilla.org/KB/bookmarks+not+saved#w_fix-the-bookmarks-file
You can also try to repair the database of places with this extension:
- https://addons.Mozilla.org/firefox/addon/places-maintenance/

I use a Mac 10.5.8 and your software says it must be compatible with 10.5, but he says it's not compatible with my operating system. Why?

I use a Mac 10.5.8 and your software says it must be compatible with 10.5, but he says it's not compatible with my operating system. Why?

10.5.8 it is compatible with firefox only with Intel see 10.0:

http://www.Mozilla.org/en-us/Firefox/10.0/system-requirements/

for your ppc mac, the most recent is the version that you have 3.6.26 see:

http://www.Mozilla.org/en-us/Firefox/3.6/system-requirements/

Thank you

Please check 'Resolved' the answer really solve the problem, to help others with a similar problem.

Differences between the Mac Pro 2009, 2010 and 2012 Logic Board

What are the differences between the logic board in the Mac Pro 2009, 2010 and 2012? In particular, what are the differences in the logic board between the MacPro4, 1 and MacPro5, 1? When a 2009 logic board is updated to 5.1 firmware is identical to the logical tips 2010 and 2012? Updated to 5.1, what is happening with the SMC firmware?

Answers in-depth in this type of broad would be book-length responses.

Where are you going with this?

I have Mac 10.4.11 and Firefox 3.6.25 and FF always tells me to switch to the last compatible update, but I can find no evidence on their site that something better exists.

Mac OS 10.4 is the limit for my old Mac. I get the message that I should upgrade to a newer version of Firefox that 3.6.25, but the "tell me more" and other links that he introduces me offer no trace of this new compatible version.

Firefox 3.6.x is the latest version of Firefox Mozilla for Mac PPC and 10.4.

http://www.Mozilla.com/en-us/Firefox/all-older.html

For older Macs that are not considered supported in versions of Firefox 4 +, try TenFourFox for PowerPC in performance Mac 10.4.11 and 10.5.8.

http://www.floodgap.com/software/tenfourfox/

http://tenfourfox.blogspot.com/

https://code.Google.com/p/tenfourfox/wiki/PluginsNoLongerSupported

I've updated my Mac Firefox last night and now he doesn't see my network

Firefox opens but load only cashed pages, nothing new, I closed all the windows, tried all different network settings but nothing.

I do nothing with my network, but the new version doesn't, I use Ethernet & airport for wireless printer

I have disabled all proxies
All people with disabilities Add ons & extensions

I'm looking on the web for solutions,
THX
Terry

You can not use version 8.0.x on your ppc Mac.

http://www.Mozilla.org/en-us/Firefox/8.0/system-requirements/

Firefox 4 versions and more late do not run on a PowerPC Mac and require at least OS X 10.5 and An Intel Mac.

a version more recent support for your operating system is 3.6.24 you can download here:

http://www.Mozilla.org/en-us/Firefox/all-older.html

For older Mac that are not supported in versions of Firefox 4 + If you like to try TenFourFox for PowerPC in performance Mac 10.4.11 and 10.5.8

http://www.floodgap.com/software/tenfourfox/

http://tenfourfox.blogspot.com/

https://code.Google.com/p/tenfourfox/wiki/PluginsNoLongerSupported

Thank you

Please check 'Resolved' the answer really solve the problem, to help others with a similar problem.

Is there a way to manually move photos from my Mac to my iPad and iPhone? I don't want to use photostream because I don't want to use my memory on my devices moble with my collection of photos together.

Is there a way to manually move photos from my Mac to my iPad and iPhone? I don't want to use photostream because I don't want to use my memory on my devices moble with my collection of photos together.

With iTunes Sync Photo, you can copy the albums selected to your library of Photos of the iPhone or the iPad.

See: Sync photos to your iPhone, iPad, and iPod touch in iTunes - Apple Support

But this method is available, if you use not iCloud photo library on your mobile device.

Download Firefox 4 for my Mac OS10.5.8 and now cannot open Firefox.

Download Firefox 4 for my Mac OS10.5.8 and now cannot open Firefox. The processor is 1.25 GHz Power PC G4 and 768 MB of DDR SDRAM memory. Is it possible to revert to a previous version that worked fine on my Mac?

Firefox 4 requires at least OS X 10.5 and an Intel Mac. There is a third part of Firefox 4 version that works under OS X 10.4/10.5 and PPC Macs, for details, see http://www.floodgap.com/software/tenfourfox

If you prefer, you can get the latest version of Firefox 3.6 http://www.mozilla.com/en-US/firefox/all-older.html

I want to exchange a larger HDD (Mac Pro early 2009) and at the same time improve Cougar to El Capitan.

I want to exchange a larger HDD (Mac Pro early 2009) and at the same time improve Cougar to El Capitan. What is the best way to do it?

I think the best would be a new installation of El Capitan on the new HD and reinstall the applications on the new HD, and then migrate the data and setting for the previous version of OSX. In this way the least unused stuff enters the new OSX version

Replace the iTunes from Mac to another folder and make it synchronize with the iPhone?

I copied the iTunes folder full of an iMac of El Capitan 2013 a 2015 running iMac running a little newer version of El Capitan. I want to replace the iTunes folder on the new Mac with my backup and everything on the new Mac to work as it did on the old, well that the old iMac and a new have different names, I do not know if what counts.

1. my entire library of music appear and be available after replacing the files?

2. home sharing with all my devices work after replacing the files?

3. what happens with my iPhone and iPad that already synced with my old iMac? Will they continue to synchronize on the new iMac, as I replaced the entire folder?

4. are there any other questions or things that I need to address with what I do?

Thank you!

1 Yes

2. no doubt. If this isn't the case, you may need to reconfigure. I don't know exactly where these settings are stored.

3. Yes

4. nothing much as your installation is as described and the entire library is stored in the iTunes folder. Some elements used in iTunes related activities are not stored in the iTunes library folder, but in special folders. If you move a library to another computer, you can copy these too:

-Music Apple file cache: http://dougscripts.com/itunes/2015/09/new-flush-apple-music-cache-files/

-device iOS, various preferences files backups: https://discussions.apple.com/thread/3285925

My says Mac has 4 virus and asks me to download MacKeeper. Is this a bug?

Anyone know if this is a bug or what?

I have this message and a window closed with a message saying that my Mac has 4 virus and I need to clean it, opening a Web for MacKeeper to download...

Help!

It's a scam.

(139491)

can I use 2 Mac Pro, the old and the other from different locations with the same apple ID?

can I use 2 Mac Pro, the old and the other from different locations with the same apple ID?

Yes. The only problem that I see if Macs were different countries. The method of payment in the account/ID must be associated with the country where the unit is located and you can only buy Apps from the store of the country where the computers are located

I have a mac Pro 13 "model and its making funny nose and get hot around 11:00 area when she is facing you. sounds like wearing out but it happens only intermittently.

I have a mac Pro 13 "model and its making funny nose and get hot around 11:00 area when she is facing you. sounds like wearing out but it happens only intermittently.

The genius bar people are especially good to physical problems and power problems. MacBook Pro my son got in because he was behaving strangely, and I run diagnostic and written tests the error code.

The genius powered on the MacBook, made a terrible face, picked up over his head and held the keyboard close to his ear. "You have bad fan!", he said. "And you have also run diagnostics and got an error code? What was this error code? »

The error code has turned out to be basically "Bad fan".

Your visit for assessment is free, guaranteed, or rear. If you decide to do the work, it's all fixed-price, no surprises.

Mac flooding attack, unicast and sniffer

Similar Questions

Maybe you are looking for