RSS Feed

📚 Network Layer Description

Created: 20.09.2020

Network Address Translation - mostly to map local IPs to public ones, but sometimes used to map between two public or local networks.

Static - one to one mapping.

Dynamic - many to many.

Overload - many to one.


MAC flooding

Span port

Everytime you receive messages fir these ports (say 1 to 10), also send them to the span port 25. But to turn it on, you need an access to switch’s config. Moreover, some switches are made in a way not to let span port talk, only listen. It’s a useful option for admins (basically turning a switch into some sort of lame hub). CISCO - SPAN (Switched Port Analyser), RSPAN (Remote Switched Port Analyser). RAP (Roving Analysis Port), 3Com switches.

Promiscous mode

NIC (network card) can operate in this mode and process all packets that it recieves. The packet’s destination is determined by MAC address, however, I’m putting this here for reference.

ARP poisoning

ARP poisoning aka ARP spoofing is an attacking technique when a hacker broadcasts their MAC address and other devices write this into their ARP cache. Since ARP cache is not persistent, in order to keep their spoofed MAC in the devices’ caches, one would need to send this broadcast continuously.

Why is this useful? Well, in a simple world (simple for hackers), every network device would be a hub. Hubs simply don’t care. But switches are very meticulous, they are checking the destination MAC address before relaying the packet. To overcome this, an attacker needs such attack.

#todo: more

MAC spoofing