At 03:48 PM 10/4/2006, Usman Qureshi wrote:
Hello,
I have a questions regarding ICMP packets traversing through Hubs and
Switches. If connected on a Hub I ping the broadcast address
(<http://192.168.0.255>192.168.0.255) from a host machine
(<http://192.168.0.100> 192.168.0.100) I get a response from the address
<http://192.168.0.1>192.168.0.1 with destination address as
<http://192.168.0.100>192.168.0.100. How is this possible? I do not have
machine with the broadcast IP address.
You need to look at more of the traffic to figure out what is going on.
What is the Ethernet destination address of the ping? When you ping an
address, the ping program will look up the specified IP address (this is
done by asking the OS for the Ethernet address of the given IP address,
which is done by looking up that IP address in the OS's ARP cache, and if
it is not there by sending an ARP request). One possibility is if the
machine at 192.168.0.1 responded to the ARP request for 192.168.0.255. It
is also possible that some TCP/IP stacks might special-case a subnet
broadcast and not send an ARP at all (see below).
On the other hand, when connected through a switch I do not get any
replies and only see request packets on Ethereal.
I'm not sure why that would be. But looking at the ARP cache on the
machine doing the ping and looking for ARP messages in both cases might
give a clue.
I just tried this on a Win2000 and a WinXP machine. The ping to the subnet
broadcast address did not cause an ARP to be sent. The ping was sent to
the Ethernet broadcast address. In my case there was only one reply, from
an Ubuntu Linux server. None of the Microsoft OSes (WinXP, Win2000 server,
Win2000) responded.
