Broadcast traffic
Broadcast traffic, in computer networking, is traffic that is simultaneously addressed to all computers connected to the network, as opposed to unicast or multicast traffic. This is in contrast to the model SLP offers.
In TCP/IP networking (layer 3 on the OSI model), the highest possible address in the IP network range is reserved as the broadcast address. For example, in the network 192.168.0.0/24 (192.168.0.xxx with subnet mask 255.255.255.0) the broadcast address is 192.168.0.255.
In MAC addressing (layer 2 on the OSI model), the broadcast address is the MAC address FF:FF:FF:FF:FF:FF, otherwise known as the 'all F' address.
Packets (layer 3) or frames (layer 2) sent to the broadcast address will be sent to all nodes within the broadcast domain.
Proper Configuration
All stations should be on the same segment (or bridged), and should be listening on the same broadcast address to participate. Stations that have mismatched settings will have limited or no visibility of nearby services. Remote announcements must use that address (but are not necessarily required to use it as its broadcast address).
Role
One of the primary purposes of the broadcast address is for systems to share service and state information between them. Typical examples are visible with ruptime, Samba or Windows file and print sharing. Each station broadcasts its presence into the local network to announce its services.
Security
Stations that should not announce their service states should disable broadcasting. Setting the broadcast address to the station's own IP address works, but it is not a best practice: it prevents that station from learning of other broadcast traffic in the network. If the service in question alone provides too much information, you should consider disabling or removing it.
Some denial-of-service attacks use broadcast amplification to elicit replies from a broadcast address to a spoofed victim. Routers should use ACLs or filtering to drop unwanted external-to-local broadcast traffic. This will prevent local stations from replying. Many operating systems have additional configuration to enable or disable broadcast replies.
Linux via procfs
$ cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
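
The router-side filtering rule from the Security section, as an added Python example that is not part of the original article: it decides per packet whether traffic arriving on the external side is addressed to a local broadcast address. The network list, the `ingress` field and the sample packets are constructed for illustration.

```python
import ipaddress

# Assumed local networks behind the router (constructed for this example).
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("192.168.0.0/24", "10.1.0.0/22", "10.9.9.0/31")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def broadcast_targets(nets):
    """Map each directed broadcast address to the network it belongs to."""
    targets = {}
    for net in nets:
        # /31 and /32 IPv4 prefixes have no broadcast address (RFC 3021),
        # so their highest address is an ordinary host and must not be dropped.
        if net.prefixlen >= 31:
            continue
        targets[net.broadcast_address] = net
    return targets


def decide(packet, nets=LOCAL_NETS):
    """Return 'drop' for external-to-local broadcast traffic, else 'pass'.

    The source address is deliberately ignored: in broadcast amplification
    it is spoofed to be the victim, so only the ingress side and the
    destination are trustworthy inputs for the filter.
    """
    if packet["ingress"] != "external":
        return "pass"
    dst = ipaddress.ip_address(packet["dst"])
    if dst == LIMITED_BROADCAST or dst in broadcast_targets(nets):
        return "drop"
    return "pass"


# Constructed sample packets (documentation-range source address).
SAMPLE = [
    {"ingress": "external", "src": "203.0.113.7", "dst": "192.168.0.255"},
    {"ingress": "external", "src": "203.0.113.7", "dst": "10.1.3.255"},
    {"ingress": "external", "src": "203.0.113.7", "dst": "10.1.0.255"},
    {"ingress": "external", "src": "203.0.113.7", "dst": "10.9.9.1"},
    {"ingress": "local", "src": "192.168.0.10", "dst": "192.168.0.255"},
]


def verdicts(packets=SAMPLE):
    return [decide(p) for p in packets]


if __name__ == "__main__":
    for p, v in zip(SAMPLE, verdicts()):
        print(f"{v:4}  {p['ingress']:8} {p['src']:>13} -> {p['dst']}")
```

Note that 10.1.0.255 passes: inside a /22 it is a normal host address, so matching on "ends in .255" would be wrong.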