Introduction to Ethernet switch protocols

Source: Internet
Author: User

An Ethernet switch is a network device that encapsulates and forwards data frames based on MAC address recognition. The switch "learns" MAC addresses and stores them in an internal address table. By creating a temporary switching path between the sender of a frame and its intended receiver, the frame travels directly from the source address to the destination address.

1. The switch establishes a mapping between the source MAC address of each received frame and the port it arrived on, and writes that mapping to the MAC address table.
2. The switch compares the destination MAC address of the frame with the MAC address table to determine which port to forward it out of.
3. If the destination MAC address is not in the MAC address table, the frame is forwarded out of all ports. This process is called flooding.
4. Broadcast frames and multicast frames are forwarded out of all ports.

The Ethernet switch learns the MAC address of the device connected to each port, maps each address to the corresponding port, and stores the mapping in the MAC address table in the switch's cache. Forwarding/filtering: when the destination address of a frame is found in the MAC address table, the frame is forwarded only to the port connected to the target node rather than to all ports. If the frame is a broadcast or multicast frame, it is forwarded to all ports.

Loop elimination: when the switched network contains redundant links, the switch avoids forwarding loops through the Spanning Tree Protocol while still allowing a backup path.

1. The network segment connected to each port of the switch is an independent collision domain.
2. The devices connected by the switch are still in the same broadcast domain; the only exception to the switch's non-isolation of broadcasts is a VLAN environment.
3. A switch forwards data based on the frame header, so it is a data link layer device. The switch discussed here refers only to a traditional Layer 2 switching device.

When a port receives a frame, the switch first looks up the frame's destination MAC address in the MAC address table (the CAM table) to find the corresponding port. If the destination port is not the same as the source port, the frame is forwarded out of the destination port and the mapping between the source port and the source MAC address in the MAC address table is refreshed; if the destination port is the same as the source port, the frame is discarded.

There are the following scenarios:

A four-port switch has ports Port A, Port B, Port C and Port D, connected to hosts A, B, C and D respectively, where D is the gateway. When host A sends data to host B, host A encapsulates the data into frames according to the OSI model. In the process, host A finds host B's MAC address from its IP address and fills it in as the destination MAC address of the frame.

Before sending, the MAC-layer protocol control circuit of the network card makes a check first: if the destination MAC is the same as the network card's own MAC, the frame is not sent; otherwise the network card transmits it. Port A receives the frame, and the switch follows the check process described above.

In the MAC address table, the port number for B's MAC address (the frame's destination MAC) is Port B and the source port number is Port A, so the switch forwards the frame out of Port B. Host B receives the frame.

This addressing process can be summarized as IP -> MAC -> PORT. ARP spoofing falsifies the relationship between IP addresses and MAC addresses; MAC spoofing falsifies the correspondence between MAC addresses and ports. An earlier attack method was flooding the switch's MAC address table. This does make the switch work in broadcast mode so that traffic can be sniffed, but it puts a heavy load on the switch and causes network slowness, packet loss and even a complete outage. We do not use this method.

The working environment is the four-port switch above. The software used as the example is cncert's httphijack, and the example uses host A to hijack host C's data. The hijacking process is as follows (da is the destination MAC and sa is the source MAC):

1) Host A sends any packet with da = gateway.mac and sa = B.mac to the gateway.

This tells the switch that Port A corresponds to B.mac. For a period of time, the switch will send all frames destined for B.mac to host A. This lasts until host B sends a packet, or until another packet with da = gateway.mac and sa = B.mac is generated.

2) Host A receives the data sent from the gateway to B, records or modifies the data to be forwarded to host B, and sends a broadcast request to B.mac before forwarding. This packet is a normal packet.
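The forwarding rules above (learn the source MAC on ingress, look up the destination, flood on a miss, drop when egress equals ingress) and the two-step hijack sequence can both be replayed in a small switch model. The code below is an added example written for this page; it is not code from cncert's httphijack or from any switch vendor. The `Switch` and `Frame` classes, the port names and the MAC addresses are constructed. From the defender's side it records every time an already-learned MAC moves to a different port, which is the signal to alert on, and it includes a port-to-MAC binding in the style of port security (an assumed mitigation, not something the page describes) that drops frames whose source MAC does not match the MAC bound to the port.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed addresses for the page's four hosts; D is the gateway.
MAC = {"A": "00:00:00:00:00:0a", "B": "00:00:00:00:00:0b",
       "C": "00:00:00:00:00:0c", "GW": "00:00:00:00:00:0d"}


@dataclass
class Frame:
    da: str  # destination MAC (the page's "da")
    sa: str  # source MAC (the page's "sa")


@dataclass
class Switch:
    ports: List[str]
    mac_table: Dict[str, str] = field(default_factory=dict)              # MAC -> port (the CAM table)
    mac_moves: List[Tuple[str, str, str]] = field(default_factory=list)  # (mac, old_port, new_port)
    bound: Dict[str, str] = field(default_factory=dict)                  # port -> only permitted source MAC (assumed mitigation)

    def receive(self, in_port: str, frame: Frame) -> List[str]:
        """Apply the page's forwarding rules to one ingress frame; return the egress port list."""
        # Mitigation (assumption, not on the page): a port bound to one MAC drops frames from any
        # other source MAC, so a spoofed sa cannot re-bind that MAC to this port.
        if in_port in self.bound and self.bound[in_port] != frame.sa:
            return []
        # Rule 1: learn source MAC -> ingress port; note when a known MAC moves to a different port.
        previous = self.mac_table.get(frame.sa)
        if previous is not None and previous != in_port:
            self.mac_moves.append((frame.sa, previous, in_port))
        self.mac_table[frame.sa] = in_port
        # Rule 4: broadcast and multicast (group bit set in the first octet) go out every other port.
        if frame.da == BROADCAST or int(frame.da.split(":")[0], 16) & 1:
            return [p for p in self.ports if p != in_port]
        # Rules 2 and 3: look up the destination; flood on a miss, drop if it maps to the ingress port.
        out_port = self.mac_table.get(frame.da)
        if out_port is None:
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []
        return [out_port]


def flapping_macs(switch: Switch) -> List[str]:
    """MACs that moved between ports more than once: the pattern a defender alerts on."""
    counts: Dict[str, int] = {}
    for mac, _old, _new in switch.mac_moves:
        counts[mac] = counts.get(mac, 0) + 1
    return sorted(m for m, n in counts.items() if n > 1)


def replay_scenario() -> dict:
    """Replay the page's scenario once unprotected and once with Port A bound to host A's MAC."""
    result = {}
    for secured in (False, True):
        sw = Switch(ports=["A", "B", "C", "D"])
        if secured:
            sw.bound["A"] = MAC["A"]
        # Normal traffic populates the table (ARP has already resolved IP -> MAC).
        sw.receive("A", Frame(da=MAC["B"], sa=MAC["A"]))   # B unknown: flooded
        sw.receive("B", Frame(da=MAC["A"], sa=MAC["B"]))   # B learned on Port B
        sw.receive("D", Frame(da=MAC["B"], sa=MAC["GW"]))  # gateway -> B reaches Port B
        prefix = "secured_" if secured else ""
        result[prefix + "learned_port_for_b"] = sw.mac_table[MAC["B"]]
        # Step 1 of the page: a frame enters on Port A claiming sa = B.mac, da = gateway.mac.
        result[prefix + "spoof_egress"] = sw.receive("A", Frame(da=MAC["GW"], sa=MAC["B"]))
        result[prefix + "port_after_spoof"] = sw.mac_table[MAC["B"]]
        # Where does the next gateway -> B frame go now?
        result[prefix + "gateway_to_b_egress"] = sw.receive("D", Frame(da=MAC["B"], sa=MAC["GW"]))
        # Host B transmits again: the binding returns (the "until host B sends" condition in the text).
        sw.receive("B", Frame(da=MAC["GW"], sa=MAC["B"]))
        result[prefix + "mac_moves"] = list(sw.mac_moves)
        result[prefix + "flapping"] = flapping_macs(sw)
    return result


if __name__ == "__main__":
    for key, value in replay_scenario().items():
        print(f"{key}: {value}")
```

In the unprotected run the single spoofed frame re-binds B.mac to Port A, so the next gateway-to-B frame leaves on Port A, and the table flips back only when host B transmits; the two recorded moves for B.mac are exactly what a MAC-move or MAC-flap notification on a real switch reports, and a host that flaps between two access ports within seconds is worth an alert. In the secured run the spoofed frame is dropped on ingress, the table is never changed, and no move is recorded. Real switches also age out entries, which this model omits.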
