Broadcast traffic

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Dthomsen8 at 20:56, 26 February 2014 (clean up, typo(s) fixed: , → , using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Broadcast traffic, in computer networking, is traffic that is simultaneously addressed to all computers connected to the network, as opposed to unicast or multicast traffic. This is in contrast to the model SLP offers.

In TCP/IP networking, the highest possible address in the IP network range is reserved as the broadcast address. For example, in the network 192.168.0.0/24 (192.168.0.xxx with subnet mask 255.255.255.0), the broadcast address is 192.168.0.255.

In MAC addressing, the broadcast address is the MAC address FF:FF:FF:FF:FF:FF, otherwise known as the "all F" address.

IP packets or Ethernet frames sent to the broadcast address will be sent to all nodes within the broadcast domain.

Proper Configuration

All stations should be on the same segment (or bridged), and should be listening on the same broadcast address to participate. Stations that have mismatched settings will have limited or no visibility of nearby services. Remote announcements must use that address (but are not necessarily required to use it as its broadcast address).

Role

One of the primary purposes of the broadcast address is for systems to share service and state information with each other. Typical examples are visible with ruptime, SAMBA or Windows file and print sharing. Each station broadcasts its presence into the local network to announce its services.

Security

Stations that should not announce their service states should disable broadcasting. While setting the broadcast address to the same IP address as the station works, it is not a best practice, because it also prevents that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, it can instead be disabled or removed.

Some denial-of-service attacks use broadcast amplification to elicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external-to-local broadcast traffic. This will prevent local stations from replying. Many operating systems have additional configuration to enable or disable broadcast replies.

Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
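
The router-side rule from the Security section (drop external-to-local broadcast traffic), sketched as an added example that is not part of the original article. The 10.20.0.0/22 subnet, the interface names "wan" and "lan", and the sample packets are constructed assumptions; 192.168.0.0/24 is the article's own example network.

```python
import ipaddress

# Constructed inventory of local subnets (assumption); 192.168.0.0/24 is the
# article's own example network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.0.0/24", "10.20.0.0/22")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def broadcast_net(dst):
    """Return the local network (or "limited") that dst broadcasts to, else None."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited"
    for net in LOCAL_NETS:
        # /31 and /32 prefixes have no broadcast address, so skip them.
        if net.prefixlen < 31 and addr == net.broadcast_address:
            return str(net)
    return None


def verdict(ingress, dst):
    """Decide by ingress interface, not source IP: the source is the spoofed field."""
    target = broadcast_net(dst)
    if target is None:
        return "forward"
    return "drop" if ingress == "wan" else "deliver-local"


# Constructed sample packets: (ingress interface, source, destination).
SAMPLE = [
    ("wan", "203.0.113.7", "192.168.0.255"),  # external to directed broadcast
    ("wan", "192.168.0.9", "10.20.3.255"),    # spoofed "local" source, still external
    ("lan", "192.168.0.9", "192.168.0.255"),  # legitimate service announcement
    ("wan", "203.0.113.7", "10.20.0.255"),    # ordinary host inside the /22
    ("wan", "203.0.113.7", "192.168.0.10"),   # ordinary unicast
]


def audit(packets):
    """Return (source, destination, verdict) for each sample packet."""
    return [(src, dst, verdict(ingress, dst)) for ingress, src, dst in packets]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```

The fourth sample shows why the check must be computed from the prefix length: in a /22, an address ending in .255 can be an ordinary host, and the broadcast address is 10.20.3.255.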