Network switch

A network switch is a computer networking device that connects LAN segments. It was developed from the electronic hub, which provided a central node for a star-configured network. In a shared hub, every connection on the star receives a broadcast frame. A switch instead joins Ethernet or Token Ring segments only as needed, based on the MAC address, and the connection is maintained only as long as data is being transmitted. This point-to-point approach lets the switch connect several pairs of segments at once, so that more than one computer can transmit at a time.

There are three ways in which a switch can operate:

A switch is similar to a hub in that it provides a single broadcast domain, but differs in that each port on a switch is its own collision domain.

Switches make traffic monitoring difficult, because each port is isolated until it transmits data, and even then only the sending and receiving ports are connected.

Two popular methods that are specifically designed to allow a network manager to monitor traffic are:

  • port mirroring -- the switch sends a copy of network packets to a monitoring network connection.
  • SMON ("Switch Monitoring") -- described in RFC 2613, a protocol for controlling facilities such as port mirroring.

Other methods have been devised to allow snooping on another computer on the network without the cooperation of the switch:

  • ARP Spoofing -- fooling the target computer into using the attacker's own MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
  • MAC Flooding -- overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".
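The MAC-based forwarding described in the opening paragraph and the table-exhaustion failure behind MAC flooding, as an added simulation that is not part of the original article: a toy learning switch with a fixed-size MAC table and an optional per-port learning limit (a port-security-style mitigation). The class, the scenario and the MAC addresses are constructed for illustration and do not model any particular vendor's switch.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Toy learning switch (simplified model, not any vendor's implementation):
    unicast goes only to the port where the destination MAC was learned, unknown
    destinations and broadcasts are flooded, and when the fixed-size MAC table is
    full the oldest entry is evicted, so bogus source MACs can push real ones out."""

    def __init__(self, ports, table_size=4, max_macs_per_port=None):
        self.ports = list(ports)
        self.table = OrderedDict()           # mac -> port, oldest entry first
        self.table_size = table_size
        self.max_macs_per_port = max_macs_per_port  # port-security-style limit
        self.alerts = []                     # (port, mac) pairs that hit the limit

    def _learn(self, src, in_port):
        if src in self.table:                # known MAC: refresh it (handles moves)
            self.table.pop(src)
        elif self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if on_port >= self.max_macs_per_port:
                self.alerts.append((in_port, src))
                return False                 # refuse to learn; the frame is dropped
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)   # table full: evict the oldest entry
        self.table[src] = in_port
        return True

    def forward(self, src, dst, in_port):
        """Return the ports a frame src -> dst arriving on in_port is sent to."""
        if not self._learn(src, in_port):
            return []
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]   # flood like a hub

def run(max_macs_per_port=None):
    """Constructed scenario: A (port 1) and B (port 2) exchange frames, then port 3
    sources frames from ten MACs. Returns (A->B ports before, after, alert count)."""
    sw = Switch([1, 2, 3], table_size=4, max_macs_per_port=max_macs_per_port)
    a, b = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
    sw.forward(a, BROADCAST, 1)              # A announces itself; learned on port 1
    sw.forward(b, a, 2)                      # B replies; learned on port 2
    before = sw.forward(a, b, 1)             # point-to-point: only port 2
    for i in range(10):
        sw.forward(f"cc:cc:cc:cc:cc:{i:02x}", BROADCAST, 3)
    after = sw.forward(a, b, 1)              # no limit: B evicted, flooded to 2 and 3
    return before, after, len(sw.alerts)
```

With no per-port limit, `run()` shows the A-to-B unicast degrading from port 2 alone to a flood; with `run(max_macs_per_port=2)` the surplus MACs on port 3 are refused and logged, and A-to-B stays point-to-point.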

