CAM Table
A content addressable memory (CAM) table is the dynamic, content-addressable memory in an Ethernet switch that records which Media Access Control (MAC) address has been seen on which switch port.
Operation
An Ethernet switch's role is to copy Ethernet frames from one port to another. The presence of a CAM table is one attribute that separates a switch from a hub. Without a functional CAM table, every frame received by a switch would be repeated out of all other ports, much like an Ethernet hub. A switch should emit a frame only on the port where the destination device resides (unicast), unless the frame is addressed to all nodes on the segment (broadcast) or to a group of nodes (multicast).
The CAM table is the memory structure that the switch's forwarding logic uses to map the MAC addresses of stations to the ports on which they are connected. Because the lookup is keyed by the address itself, the switch can forward between any pair of connected stations at full speed regardless of how many devices are attached. The table is consulted for every frame to make the forwarding decision. The switch learns entries from the source address of frames arriving on each port, for example the source address of an Address Resolution Protocol (ARP) reply; a frame whose destination MAC is not yet in the table is flooded to all other ports until the destination answers and is learned. Entries are dynamic: one that is not refreshed by further traffic within the switch's aging interval is removed.
Attacks
CAM tables are a common target of layer 2 attacks in a local area network, typically as a step toward a man-in-the-middle attack. A threat agent that controls a device connected to a switch can attack the switch's CAM table. The usual attack exploits what happens when the switch runs out of space to record all of the MAC-to-port mappings it learns. If an attacker fills the table by MAC flooding (sending frames with a large number of forged source addresses), the switch can no longer learn or refresh the entries for legitimate stations once their existing entries age out. Rather than dropping frames to destinations it does not know, the switch fails open and floods them out of every port, including the attacker's. For unicast frames, data that was previously delivered only to the two communicating endpoints is now visible to every node on the switch in the same VLAN. This is an inherent confidentiality weakness of many Ethernet switches: while the switch is in this state, any cleartext traffic can be captured by a watching third party. The constant flooding also degrades performance on the switch and on the networks attached to it. The standard countermeasure is to limit the number of source addresses the switch will learn on each access port (commonly called port security), so that a single port cannot exhaust the shared table.
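As an added example (not code from the original article or from any switch vendor), the following Python model ties the Operation and Attacks sections together: it implements CAM-table learning, the unicast/flood forwarding decision, entry aging, the fail-open flooding that appears when forged source addresses exhaust the table, and a per-port learning limit as the countermeasure. The MAC addresses, port numbers, table capacity and aging interval are constructed for illustration and are not taken from any real switch.

```python
"""Toy model of an Ethernet switch's CAM table (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed station addresses for the walk-through below.
A, B = "00:11:22:33:44:01", "00:11:22:33:44:02"


def is_group(mac: str) -> bool:
    """Broadcast and multicast addresses set the I/G bit (LSB of octet 0)."""
    return int(mac.split(":")[0], 16) & 1 == 1


@dataclass
class Switch:
    ports: int
    capacity: int            # MAC->port entries the CAM can hold
    aging: float = 300.0     # seconds before an unrefreshed entry is dropped
    max_per_port: int = 0    # per-port learning limit; 0 = unlimited
    table: Dict[str, Tuple[int, float]] = field(default_factory=dict)
    violations: Dict[int, int] = field(default_factory=dict)

    def _age_out(self, now: float) -> None:
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in stale:
            del self.table[m]

    def _learn(self, port: int, src: str, now: float) -> None:
        if is_group(src):
            return                      # a group address is never a valid source
        if src in self.table and self.table[src][0] == port:
            self.table[src] = (port, now)   # refresh the existing entry
            return
        if self.max_per_port:           # port security: cap learning per port
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if on_port >= self.max_per_port:
                self.violations[port] = self.violations.get(port, 0) + 1
                return
        if src not in self.table and len(self.table) >= self.capacity:
            return                      # table full: the station is not learned
        self.table[src] = (port, now)   # new entry, or station moved ports

    def receive(self, port: int, src: str, dst: str, now: float) -> List[int]:
        """Return the egress ports for a frame arriving on `port`."""
        self._age_out(now)
        self._learn(port, src, now)
        others = [p for p in range(1, self.ports + 1) if p != port]
        if is_group(dst) or dst not in self.table:
            return others               # broadcast, multicast or unknown unicast
        out = self.table[dst][0]
        return [] if out == port else [out]   # never send back out the ingress port


def attacker_burst(sw: Switch, port: int, now: float, count: int = 200) -> None:
    """Spray `count` frames, each with a distinct forged (locally administered) source MAC."""
    for i in range(count):
        bogus = "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)
        sw.receive(port, bogus, BROADCAST, now)


def scenario(max_per_port: int) -> dict:
    """A and B (ports 1 and 2) talk; an attacker on port 3 floods the table."""
    sw = Switch(ports=4, capacity=64, max_per_port=max_per_port)
    sw.receive(1, A, BROADCAST, 0.0)    # e.g. an ARP request from A: A is learned
    sw.receive(2, B, A, 0.0)            # B's reply: B is learned
    before = sw.receive(1, A, B, 1.0)   # unicast A->B goes only to port 2
    # The attacker keeps spraying so that every slot freed by aging is
    # immediately re-taken by a forged address.
    attacker_burst(sw, 3, 2.0)
    attacker_burst(sw, 3, 250.0)
    attacker_burst(sw, 3, 399.9)        # by now A's and B's entries have aged out
    sw.receive(2, B, A, 400.0)          # can B be learned again?
    after = sw.receive(1, A, B, 401.0)  # where does A's unicast to B go now?
    return {"before": before, "after": after, "entries": len(sw.table),
            "violations": sw.violations.get(3, 0)}


if __name__ == "__main__":
    print("no limit:     ", scenario(0))   # A->B is flooded to ports 2, 3 and 4
    print("2 MACs/port:  ", scenario(2))   # A->B still reaches only port 2
```

With no per-port limit the 64-entry table ends up holding only forged addresses, so after A and B age out neither can be relearned and A's unicast to B is flooded to every other port, including the attacker's. With learning capped at two addresses per port, the attacker holds two slots, the remaining forged frames are counted as violations, and A's traffic stays on port 2. The limit is deliberately checked before the capacity check, so one port can never consume the shared table.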