RE: arpwatch and more

To: "Tim Kent" <tim@rendrag.net>, <debian-isp@lists.debian.org>
Subject: RE: arpwatch and more
From: "Jeff S Wheeler" <jsw@five-elements.com>
Date: Mon, 19 Mar 2001 12:45:08 -0500
Message-id: <[🔎] NEBBJNLLGLPLEJAFGEPEOENMCAAA.jsw@five-elements.com>
In-reply-to: <[🔎] 002601c0b038$cc6d82c0$3c0210ac@bcmpartnership.com.au>

Those quad ethernet cards support one MAC address per PHY, or they can
operate as a Cisco EtherChannel or probably other similar technologies used
to bond ethernet links, depending upon how you configure it and your switch.

I sent the below message to someone else on the list in private, thinking
that they might benefit from some further explaination, but also thinking
that most people subscribed to this list would have a solid understanding of
how modern ethernets work, and thus would not benefit from the post.
Obviously I was wrong, there appear to be lots of people on this list that
don't grok ethernet, so below is that message for the benefit of everyone.

-----Original Message-----
From: Jeff S Wheeler [mailto:jsw@five-elements.com]
Sent: Friday, March 16, 2001 11:44 PM
To: Mike Fedyk
Subject: RE: arpwatch and more

An ethernet switch won't send frames to "multiple ports".  Ethernet switches
can broadcast, they can unicast, and some new layer3 switches can multicast
IP "efficiently", but if your switch sees the same MAC address on several
interfaces, one of them is going to get blocked (if you have spantree), or
the switch will just learn the new interface, and frames would go to the
wrong interface, but not to both.

- jsw

-----Original Message-----
From: Tim Kent [mailto:tim@rendrag.net]
Sent: Monday, March 19, 2001 12:50 AM
To: debian-isp@lists.debian.org
Subject: Re: arpwatch and more

I guess that means you have to keep those quad Ethernet Sun cards away.

Tim.

----- Original Message -----
From: "Marc Haber" <debian-isp.lists.debian.org@marc-haber.de>
To: <debian-isp@lists.debian.org>
Sent: Saturday, March 17, 2001 7:50 PM
Subject: Re: arpwatch and more

> On Fri, 16 Mar 2001 13:05:06 -0800, Mike Fedyk <mfedyk@matchmail.com>
> wrote:
> >On Fri, Mar 16, 2001 at 09:24:56PM +0100, Marc Haber wrote:
> >> Please be aware, though, that the MAC address is trivial to forge
> >> nowadays.
> >Hmm, how does a switch deal with the same mac address coming from two
ports
> >at the same time?
>
> It will probably flap. MAC address forging will only work if the host
> that owns the forged MAC is switched off or disabled in some other
> way.

--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

References:
- Re: arpwatch and more
  - From: "Tim Kent" <tim@rendrag.net>

Prev by Date: Re: copyrights liability question
Next by Date: Re: copyrights liability question
Previous by thread: Re: arpwatch and more
Next by thread: Proper way to add a virtual host?
Index(es):
- Date
- Thread