Question about broadcast address traffic within a subnet
-
@johnpoz
So, what you are saying is that the other addresses are receiving the broadcast from 192.168.4.255?
-
YES!!! And so does pfSense, since it's sent to all MACs with that all-FFs MAC.
-
Here is a ping to pfSense, which is at 9.253 - see its MAC!!
Then I send a ping to 9.10 - see it's sent to its MAC.. not all FFs.
pfSense sees the one sent to its MAC; it does not see the one sent to 9.10's MAC.
-
@johnpoz said in Question about broadcast address traffic within a subnet:
YES!!! And so does pfSense, since it's sent to all MACs with that all-FFs MAC.
Excellent!! I think that the information I was interpreting from the logs was the source of my confusion. It made it seem that pfSense was blocking the broadcast to all the addresses on my subnet, but you are saying that is not actually happening?
-
It sees the traffic since it's sent to all MACs (FFs) -- says hey, that rule says to block and log it..
But that doesn't stop all the other devices from seeing it..
-
@johnpoz My question is finally answered!! Thank you so much! I owe you a beer.
-
No problem - glad I could help... I would suggest you read up on how traffic is actually sent on the wire.. it's sent to a specific MAC address.. When a client wants to talk to 1.2.3.4, if that is on its own network, then it ARPs for it! And then sends the traffic to that MAC address.
When the IP is not on its local network, it sends it to the MAC address of the gateway (pfSense). pfSense sees this traffic since it's sent to its MAC, and says oh hey, that is meant to go to 8.8.8.8 or wherever. Do I have a route to this network? Then it sends it to the MAC address of that gateway, or the default gateway's MAC if it doesn't have a direct route to the network that 8.8.8.8 sits on..
Traffic is only ever actually sent to a MAC address.
Example here: me pinging 8.8.8.8
Notice the MAC address is the MAC address of pfSense, 9.253.. as I posted earlier..
This is how switches know which port to send traffic on, because the switch uses its ARP table and says hey, MAC xyz is connected to port 4.. So it sends the traffic out port 4, and not all the ports. When the switch sees traffic to MAC abc, and it's not in the switch's ARP table - then it ARPs out all its ports, to find out which port that MAC is on, etc..
Once you understand how this stuff actually works ;) then it all becomes easy to figure out what is wrong...
Example - this is the MAC address table of my switch, and you can see what MACs are on what ports:
sg300-28#sho mac address-table
Flags: I - Internal usage VLAN
Aging time is 300 sec

    Vlan          Mac Address            Port        Type
------------ --------------------- ---------- ----------
     2       00:08:a2:0c:e6:20       gi5       dynamic
     2       02:11:32:25:6d:d0       gi26      dynamic
     2       02:11:32:28:77:34       gi26      dynamic
     2       04:18:d6:c0:1c:90       gi7       dynamic
     2       04:18:d6:c0:1f:6b       gi11      dynamic
     2       0c:51:01:8c:19:ae       gi9       dynamic
     2       80:2a:a8:13:4f:07       gi9       dynamic
     2       88:b2:91:98:d6:f0       gi9       dynamic
     2       f4:06:16:4f:f6:36       gi7       dynamic
     3       00:08:a2:0c:e6:21       gi6       dynamic
     3       64:52:99:6b:84:76       gi7       dynamic
     3       8c:ae:4c:f5:59:82       gi3       dynamic
     3       b8:27:eb:31:70:ab       gi16      dynamic
     3       b8:27:eb:38:d8:4d       gi18      dynamic
     4       00:08:a2:0c:e6:20       gi5       dynamic
     4       50:c7:bf:06:63:83       gi7       dynamic
     4       50:c7:bf:21:73:52       gi9       dynamic
     4       50:c7:bf:21:81:58       gi9       dynamic
     4       50:dc:e7:28:08:70       gi7       dynamic
     4       5c:cf:7f:df:84:1e       gi9       dynamic
     4       68:54:fd:47:87:32       gi7       dynamic
     4       88:3f:4a:f0:cb:9c       gi7       dynamic
     4       a8:1b:6a:24:ec:26       gi27      dynamic
     7       00:04:20:ed:f8:62       gi7       dynamic
     7       00:08:a2:0c:e6:23       gi8       dynamic
     7       0c:08:b4:48:cc:63       gi7       dynamic
     7       5c:ad:76:d5:36:2d       gi7       dynamic
     7       88:de:a9:5c:9a:81       gi11      dynamic
     7       d0:4d:2c:12:bf:f3       gi7       dynamic
     9       00:08:a2:0c:e6:24       gi4       dynamic
     9       00:11:32:7b:29:7d       gi26      dynamic
     9       00:11:32:7b:29:7e       gi24      dynamic
     9       00:13:3b:2f:67:62       gi10      dynamic
     9       00:13:3b:2f:67:63       gi28      dynamic
     9       70:6e:6d:f3:11:93       0         self
     9       c0:7b:bc:65:4f:13       gi7       dynamic
     9       c0:7b:bc:65:4f:1c       gi7       dynamic
    99       00:01:5c:82:36:46       gi13      dynamic
    99       00:08:a2:0c:e6:25       gi1       dynamic
sg300-28#
-
@johnpoz said in Question about broadcast address traffic within a subnet:
No problem - glad I could help... I would suggest you read up on how traffic is actually sent on the wire.. it's sent to a specific MAC address.. When a client wants to talk to 1.2.3.4, if that is on its own network, then it ARPs for it! And then sends the traffic to that MAC address.
Fantastic tutorial! What about broadcast traffic? Does it also follow the MAC address rule?
-
Broadcast is sent to all FFs for the MAC - so it goes everywhere!!! That is, on that same L2 network: if the switch sees that on, say, VLAN X, then all ports that are also in VLAN X would see that traffic. Ports in VLAN Y wouldn't get sent that traffic.
For dumb switches, all ports would see it, because all ports are in the same VLAN on a dumb switch (VLAN 1)..
If you want to see that in action - just sniff on, say, machine A and pfSense, and then send a ping to 192.168.4.255 from machine B..
edit: I would show you an example of this, but it's time to watch some TV with the wife! ;)
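The two decisions the thread walks through (the earlier post on which MAC a host puts on a frame and how the switch picks an egress port from its MAC table, and the post above on broadcast frames flooding every port of the same VLAN) can be modelled in a few lines. This is an added example, not code from the forum posts, pfSense or the SG300; the MAC-table excerpt, the VLAN membership, the 192.168.4.0/24 addresses and the ARP cache are all constructed for the illustration. It shows why a block rule on the firewall only ever affects the firewall's own copy of a broadcast: the switch has already delivered the same frame to every other port in that VLAN, and to none in any other VLAN.

```python
"""Added example (not from the forum thread). Models:
  1. the destination MAC a host writes on a frame: the ARP-resolved MAC for an
     on-link IP, the gateway's MAC for an off-link IP, ff:ff:ff:ff:ff:ff for the
     subnet's directed broadcast;
  2. the ports a switch forwards a frame out of, keyed on (VLAN, dst MAC): one
     learned port for a known unicast, every other port of the same VLAN for a
     broadcast/multicast or an unknown unicast.
All addresses, table rows and VLAN membership below are constructed."""
import ipaddress
import re

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

# Constructed excerpt in the layout of an SG300 "show mac address-table".
MAC_TABLE_TEXT = """\
Vlan   Mac Address          Port   Type
------ -------------------- ------ -------
4      00:08:a2:0c:e6:20    gi5    dynamic
4      50:c7:bf:06:63:83    gi7    dynamic
4      50:c7:bf:21:73:52    gi9    dynamic
9      00:08:a2:0c:e6:24    gi4    dynamic
9      c0:7b:bc:65:4f:13    gi7    dynamic
"""

# Constructed VLAN membership: the ports that carry each VLAN (gi7 is a trunk).
VLAN_PORTS = {4: {"gi5", "gi7", "gi9", "gi27"}, 9: {"gi4", "gi7", "gi26"}}

# Constructed hosts on 192.168.4.0/24 (VLAN 4); the firewall is the gateway at .1.
ARP_CACHE = {
    "192.168.4.1": "00:08:a2:0c:e6:20",   # firewall, on gi5
    "192.168.4.10": "50:c7:bf:06:63:83",  # host B, on gi7
    "192.168.4.20": "50:c7:bf:21:73:52",  # host A, on gi9
}

ROW_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+(\S+)\s+\S+\s*$")


def parse_mac_table(text):
    """Map (vlan, mac) -> port from the text form of the switch's MAC table."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)          # header and separator lines do not match
        if m:
            vlan, mac, port = m.groups()
            table[(int(vlan), mac)] = port
    return table


def next_hop_mac(dst_ip, host_ip, prefix_len, gateway_ip, arp_cache):
    """Destination MAC the sending host writes on the frame, and why."""
    net = ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)
    dst = ipaddress.ip_address(dst_ip)
    if dst == net.broadcast_address:
        return BROADCAST_MAC, "directed broadcast: all-Fs MAC, every host on the segment gets it"
    if dst in net:
        mac = arp_cache.get(dst_ip)     # on-link: the host ARPs for the IP itself
        if mac is None:
            raise LookupError(f"no ARP entry for {dst_ip}; the host would ARP first")
        return mac, "on-link: ARP-resolved MAC of the destination"
    # Off-link: the frame is addressed to the gateway's MAC; the gateway routes the IP packet.
    return arp_cache[gateway_ip], "off-link: MAC of the gateway"


def is_group_address(mac):
    """Broadcast and multicast MACs have the I/G bit (low bit of the first octet) set."""
    return int(mac[:2], 16) & 1 == 1


def switch_forward(table, vlan, dst_mac, ingress_port):
    """Ports the switch sends the frame out of; never back out the ingress port."""
    members = VLAN_PORTS[vlan] - {ingress_port}
    if is_group_address(dst_mac):
        return sorted(members)          # broadcast/multicast: flood the whole VLAN, nothing else
    port = table.get((vlan, dst_mac))
    if port is None:
        return sorted(members)          # unknown unicast: flood the VLAN until the MAC is learned
    return [] if port == ingress_port else [port]   # known unicast: exactly one port


def ping_delivery(dst_ip, src_ip="192.168.4.10", src_port="gi7"):
    """Ports that receive a frame host B (src_ip on src_port, VLAN 4) sends to dst_ip."""
    table = parse_mac_table(MAC_TABLE_TEXT)
    mac, _why = next_hop_mac(dst_ip, src_ip, 24, "192.168.4.1", ARP_CACHE)
    return switch_forward(table, 4, mac, src_port)


if __name__ == "__main__":
    for ip in ("192.168.4.20", "8.8.8.8", "192.168.4.255"):
        print(ip, "->", ping_delivery(ip))
```

The unicast ping to host A reaches only gi9, the ping to 8.8.8.8 reaches only the firewall's port gi5, and the ping to 192.168.4.255 reaches gi5, gi9 and gi27 alike; nothing in VLAN 9 sees it. The firewall's copy on gi5 is the one its block-and-log rule acts on, which is exactly why the log fills up while hosts A and anything on gi27 still receive the broadcast.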
-
@johnpoz
A much appreciated thanks! I have consumed more than enough of your time this evening and have no more questions for you regarding this topic. Definitely do not ignore the wife!! Perhaps I can trouble you again sometime in the future?