A network switch is a computer networking device that connects LAN segments. It was developed from the electronic hub, where the hub provided a central nodal device for a star-configured network. In a shared hub, every connection on the star network receives a broadcast frame.

The switch connects Ethernet or Token Ring segments together as needed, based on the MAC address, and the connections are maintained only as long as data is being transmitted. This point-to-point approach allows the switch to connect multiple pairs of segments at a time, so more than one computer can transmit data at once.
A switch can operate in one of three modes:
- cut-through
- store-and-forward
- error-free cut-through
A switch is similar to a hub in that it provides a single broadcast domain, but differs in that each port on a switch is its own collision domain.
Switches make traffic monitoring difficult because each port is isolated until it transmits data, and even then only the sending and receiving ports are connected. Two popular methods designed specifically to let a network manager monitor traffic are:
- port mirroring -- the switch sends a copy of network packets to a monitoring network connection.
- SMON -- "Switch Monitoring", described by RFC 2613, is a protocol for controlling facilities such as port mirroring.
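The following simulation is an added example for this page, not code from the original article or from any real switch. It shows the forwarding behaviour described above: the switch learns which port each source MAC address lives behind, delivers a frame only to the port of its destination (flooding when the destination is still unknown or is the broadcast address), applies one of the three operating modes (cut-through forwards as soon as the destination address has been read; error-free or "fragment-free" cut-through waits for the first 64 bytes so collision fragments are not passed on; store-and-forward buffers the whole frame and verifies its frame check sequence first), and copies everything arriving on a mirrored port to a monitor port. The port numbers, MAC addresses, payloads, and the use of zlib's CRC-32 as a stand-in for the Ethernet FCS are all constructed for the example.

```python
"""Simulation of a learning (transparent) Ethernet switch with the three
forwarding modes and a mirror (monitor) port.  Constructed example: frames are
Python objects, ports are small integers, zlib's CRC-32 stands in for the
Ethernet FCS, and a frame's size is 18 header/FCS bytes plus its payload."""
import zlib
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
MIN_FRAME = 64         # smallest valid Ethernet frame; anything shorter is a collision fragment
HEADER_AND_FCS = 18    # 6 + 6 + 2 header bytes plus the 4-byte FCS


@dataclass
class Frame:
    dst: str           # destination MAC
    src: str           # source MAC
    payload: bytes
    fcs: int           # CRC-32 over the payload, as computed by the sender


def build_frame(dst: str, src: str, payload: bytes) -> Frame:
    """Sender side: pad to the minimum frame size and append a correct FCS."""
    payload = payload.ljust(MIN_FRAME - HEADER_AND_FCS, b"\x00")
    return Frame(dst, src, payload, zlib.crc32(payload))


def corrupt(frame: Frame) -> Frame:
    """Simulate a bit error on the wire: the payload changes, the FCS does not."""
    bad = bytes([frame.payload[0] ^ 0x01]) + frame.payload[1:]
    return Frame(frame.dst, frame.src, bad, frame.fcs)


def fragment(frame: Frame) -> Frame:
    """Simulate a collision fragment: transmission stopped after a few bytes."""
    return Frame(frame.dst, frame.src, frame.payload[:8], frame.fcs)


class LearningSwitch:
    def __init__(self, ports, mode="store-and-forward", mirror=None):
        self.ports = list(ports)   # regular ports; the monitor port is not among them
        self.mode = mode           # "cut-through", "fragment-free" or "store-and-forward"
        self.mirror = mirror       # (mirrored_port, monitor_port) or None
        self.table = {}            # MAC address -> port it was last seen on

    def receive(self, in_port: int, frame: Frame) -> dict:
        """Process one frame; return {port: frame} for every port it leaves on."""
        out = {}
        # Port mirroring copies everything arriving on the mirrored port, even
        # frames the switch will drop, so an analyser attached there sees the error.
        if self.mirror and self.mirror[0] == in_port:
            out[self.mirror[1]] = frame

        # Error checking differs by mode.
        size = HEADER_AND_FCS + len(frame.payload)
        if self.mode == "store-and-forward":
            # The whole frame is buffered, so the FCS can be verified before forwarding.
            if zlib.crc32(frame.payload) != frame.fcs:
                return out
        elif self.mode == "fragment-free":
            # Only the first 64 bytes are waited for: catches collision fragments,
            # but a full-length frame with a bad FCS still goes through.
            if size < MIN_FRAME:
                return out
        # "cut-through" forwards as soon as the destination MAC has been read.

        # Learning: the source MAC lives behind the ingress port.
        self.table[frame.src] = in_port

        # Forwarding: unicast to the learned port, otherwise flood all other ports.
        if frame.dst == BROADCAST or frame.dst not in self.table:
            targets = [p for p in self.ports if p != in_port]
        else:
            targets = [self.table[frame.dst]]
        for p in targets:
            if p != in_port:   # destination is on the ingress segment: nothing to do
                out[p] = frame
        return out


def demo(mode: str):
    """Run the same four frames through a switch in the given mode."""
    sw = LearningSwitch(ports=[1, 2, 3], mode=mode, mirror=(1, 9))
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"   # constructed MACs
    # A (port 1) talks to B before B is known: flooded to 2 and 3, copied to 9.
    first = sw.receive(1, build_frame(b, a, b"hello"))
    # B answers from port 2: both are now known, so only port 1 receives it.
    second = sw.receive(2, build_frame(a, b, b"hi"))
    # A's next frame is corrupted in transit.
    third = sw.receive(1, corrupt(build_frame(b, a, b"data")))
    # A's last frame is cut short by a collision.
    fourth = sw.receive(1, fragment(build_frame(b, a, b"more")))
    return [sorted(x) for x in (first, second, third, fourth)], dict(sw.table)


if __name__ == "__main__":
    for m in ("cut-through", "fragment-free", "store-and-forward"):
        print(m, demo(m))
```

Running the demo in each mode shows the trade-off: cut-through has the lowest latency but passes both the corrupted frame and the collision fragment on to B's segment, fragment-free stops only the fragment, and store-and-forward stops both. The monitor port on port 9 receives every frame that arrived on port 1 in all three modes, including the ones the switch dropped, which is what makes port mirroring useful for troubleshooting.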
Other methods have been devised to allow snooping on another computer on the network without the cooperation of the switch:
- ARP spoofing -- fooling the target computer into using the snooping host's own MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
- MAC flooding -- overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".
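Both techniques leave traces that a network manager watching a monitor port, or the switch's own MAC table, can look for. The detector below is an added example written for this page, not code from any product. It runs over a constructed trace (ARP replies seen on the monitor port and MAC addresses the switch reports learning, represented as dicts with assumed field names) and raises an alert when an IP address, and in particular the gateway's, is claimed by more than one MAC address or by the broadcast address, or when a single port learns more distinct MAC addresses than an access port plausibly carries.

```python
"""Detection for ARP spoofing and MAC flooding from a monitor-port trace.
Constructed example, not from any product: the record format and every
address in TRACE are made up for this page."""
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"        # assumed: the router the hosts depend on
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
MAX_MACS_PER_PORT = 5             # an access port normally carries one or a few hosts

# Constructed trace. "arp" records are ARP replies copied to the monitor port;
# "learn" records are MAC-table entries the switch reported learning.
TRACE = [
    {"t": 0, "kind": "learn", "mac": "00:aa:bb:cc:dd:10", "port": 3},
    {"t": 1, "kind": "arp", "ip": "192.168.1.1",  "mac": "00:aa:bb:cc:dd:01", "port": 24},
    {"t": 2, "kind": "arp", "ip": "192.168.1.10", "mac": "00:aa:bb:cc:dd:10", "port": 3},
    # the gateway's IP is suddenly answered for by a different MAC on another port ...
    {"t": 3, "kind": "arp", "ip": "192.168.1.1",  "mac": "00:aa:bb:cc:dd:99", "port": 7},
    # ... and then by the broadcast address
    {"t": 4, "kind": "arp", "ip": "192.168.1.1",  "mac": BROADCAST_MAC, "port": 7},
]
# Port 7 then reports learning six different source MACs in quick succession.
TRACE += [{"t": 5 + i, "kind": "learn", "mac": f"02:00:00:00:00:{i:02x}", "port": 7}
          for i in range(6)]


def detect_arp_anomalies(trace, gateway_ip=GATEWAY_IP):
    """Flag IP-to-MAC bindings that change, or that point at the broadcast MAC."""
    alerts = []
    bindings = {}   # ip -> (mac, port) as first observed
    for rec in (r for r in trace if r["kind"] == "arp"):
        ip, mac, port = rec["ip"], rec["mac"], rec["port"]
        if mac == BROADCAST_MAC:
            # A unicast IP must never resolve to the broadcast address.
            alerts.append((rec["t"], "arp-broadcast-mac", ip, port))
            continue
        if ip not in bindings:
            bindings[ip] = (mac, port)
        elif bindings[ip] != (mac, port):
            # A changed binding for the gateway is the classic sign of a
            # man-in-the-middle; for an ordinary host it may be a replaced NIC.
            who = "gateway" if ip == gateway_ip else "host"
            alerts.append((rec["t"], f"arp-binding-changed-{who}", ip, port))
    return alerts


def detect_mac_flood(trace, limit=MAX_MACS_PER_PORT):
    """Flag a port the first time it learns more distinct MACs than `limit`."""
    seen = defaultdict(set)
    alerts = []
    for rec in (r for r in trace if r["kind"] == "learn"):
        seen[rec["port"]].add(rec["mac"])
        if len(seen[rec["port"]]) == limit + 1:   # alert once, when the limit is crossed
            alerts.append((rec["t"], "mac-count-exceeded", rec["port"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(TRACE) + detect_mac_flood(TRACE):
        print(alert)
```

The per-port limit is the same idea as the port-security feature on managed switches, which caps the number of MAC addresses a port may learn and shuts the port down or raises a trap when the cap is exceeded, so the table cannot be driven into the failopen state; consistent IP-to-MAC bindings are what DHCP snooping combined with dynamic ARP inspection enforces on the switch itself, so that the detector above becomes a second line of defence rather than the only one.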