On Mon, 2006-01-30 at 10:00 -0600, Mikkel L. Ellertson wrote:
Tim wrote:
>
> Wouldn't they also have to be co-relating IPs to MAC addresses? Surely
> they couldn't just work by the MAC, alone?
>
> For instance if my PC at 192.168.1.1 wants to do something with
> 192.168.1.2, all that goes out on the wire is the IP addresses, hoping
> that something else figures out how to connect the two together, or
> hoping that they're already directly connected together.
>
> From the manual (tiny bit of paper) that came with my simple switch, I
> understood that it listened in on the traffic, worked out what IPs
> belong to what MACs, and switched accordingly after a few initial
> moments of discovering how the network was set up. If an IP or a MAC
> changed for a device (just one, and not necessarily both), it'd need to
> rethink things before it worked again.
>
> I can't say what switch I have, it's a black box, in a dark spot in the
> shelf. I can't see anything to identify it, just the blinking LEDs on
> the front.
>
If I understand things correctly, for the local network, your
computer does the IP to MAC mapping. (Run arp to see it.) The
packet has the MAC address as part of it. For destinations that
need to use a gateway, it has the gateway MAC address. The other
thing to consider is that not all traffic has an IP address. This
is because TCP/IP is not the only network traffic possible on the
LAN. Other protocols use different identification.

What switches learn is what MAC address is on what port. This can
cause problems if you change connections, depending on how fast the
switch "learns" the new port. When you get beyond home-grade
equipment, you may be able to tell the switch not to automatically
"learn" the new port. This prevents someone from "cloning" a MAC
address and hijacking traffic.

A PC (or other device) sends packets to an IP address. The switch maps
the IP to MAC to keep track of what is attached to each port and where
to send traffic. A TCP packet does not contain MAC addressing (although
some protocols may).
ARP is a way for the local PC to see what is available, but if you check
the ARP table on your PC it usually only remembers the MAC address for a
very short time, thus the effect you describe above.
Also, remember, MAC addressing is only valid on the local LAN. If it
has to go through a router that cannot work. Those protocols that do
use MAC addressing are local LAN protocols only.
Mikkel
--
Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
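
The MAC-to-port learning and the "do not automatically learn the new port" setting mentioned in the thread, modelled as an added example that is not part of the original messages. The class name, the `locked` flag and the MAC addresses are constructed for illustration and do not correspond to any vendor's configuration.

```python
"""Toy model of a switch's MAC learning table (constructed example)."""

MAC_A = "02:00:00:00:00:0a"   # constructed, locally administered addresses
MAC_B = "02:00:00:00:00:0b"

class LearningSwitch:
    def __init__(self, ports, locked=False):
        self.ports = list(ports)
        self.locked = locked   # True: never relearn a known MAC on a new port
        self.table = {}        # source MAC -> port it was learned on
        self.alerts = []       # (mac, learned_port, seen_port) for each move

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the ports it is forwarded to."""
        known = self.table.get(src_mac)
        if known is None:
            self.table[src_mac] = in_port            # first sighting: learn it
        elif known != in_port:
            # Same MAC on a different port: a moved cable or a cloned address.
            self.alerts.append((src_mac, known, in_port))
            if self.locked:
                return []                            # keep old entry, drop frame
            self.table[src_mac] = in_port            # unlocked: follow the move
        out = self.table.get(dst_mac)
        if out is None:
            return [p for p in self.ports if p != in_port]  # unknown: flood
        return [] if out == in_port else [out]

# Constructed frames: (ingress port, source MAC, destination MAC).
FRAMES = [
    (1, MAC_A, MAC_B),   # A talks first; B is unknown, so the frame is flooded
    (2, MAC_B, MAC_A),   # B replies; A is known on port 1
    (3, MAC_A, MAC_B),   # A's address suddenly shows up on port 3
    (2, MAC_B, MAC_A),   # B sends to A again: which port receives it?
]

def replay(locked):
    """Run FRAMES through a fresh switch; return (forwarding, table, alerts)."""
    sw = LearningSwitch(ports=[1, 2, 3], locked=locked)
    forwarded = [sw.receive(*frame) for frame in FRAMES]
    return forwarded, sw.table, sw.alerts

if __name__ == "__main__":
    for mode in (False, True):
        forwarded, table, alerts = replay(mode)
        print("locked" if mode else "learning", forwarded, table, alerts)
```

The model only ever reads MAC addresses and ports. With learning left on, the last frame for A goes out of port 3; with the table locked it still goes out of port 1 and the move is recorded in `alerts`.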