Hi all, on a broadcast domain, can anyone tell me if a pc sends a broadcast out on its subnet, does every switch port recieve a copy of the broadcast ? but only people in that subnet actually have to pay attention to it ? can someone explain
it's a strange that a PC sends a broadcast out on its subnet! i can't imagine this senario.
but theorically if a PC sends an IP packet to a computer in an other subnet, it sends the frame to its gateway to get routed.
Hi Carl I think you need to be careful about phrasing - your question could be a little ambiguous - are you talking about a L2 or L3 broadcast? If you are talking about a PC sending and IP packet to an address that is the broadcast address for the subnet, it will also be sent to the L2 broadcast address, and as such replicated to all ports in the VLAN. This will be recieved by all hosts on the VLAN, which ahouls all be in the same subnet on a properly designed network, meaning all devices "pay attention" to it,
thanks for your reply, can you tell me what the layer 3 broadcasts would be used for, and would I expect to see the broadcast address ie 10.1.1.255 on my sniffer for a layer 3 broadcast ?
If any broadcasts are there, I would expect a sniffer to see them, even just on an ordinary switch port - i.e. no need to set up a SPAN port.
Why would they be used? I am not aware of many actual uses for them, and I expect they would be application specific. I know that sounds like (and is) a bit of a cop out, I *THINK* some AV software may use it to try to find local update servers, but most use is malicious.
Gaming MAY use it if not using a game server on a local LAN.
Most applications that may consider using broadcast would probably be better served by multicast.
the typical application that generates L3 broadcast in a microsoft environement is netbios used by (network neighboring) and workgroups discovery and annoucements...
so would the layer 2 broadcast address be the address in the same subnet as what you pc is on, ie my pc 10.1.1.1/24 , layer 2 broadcast address = 10.1.1.255
a layer 3 broadcast would be my pc broadcasting to another network ?
is this right?
when we speak about L2 we should not invoke IP addresses. because IP addressing is a L3 feature.
L2 broadcasting is when the frame is sent to all interfaces that belong to the same VLAN.
this could happen if:
- the switch does not know the location of the destination mac address (mac address not yet learned)
- the destination MAC address is FFFF.FFFF.FFFF.FFFF (L2 broadcast). this happens when the IP destination is a L3 broadcast. expl : 10.1.1.255 or 255.255.255.255.