[Tfug] Ethernet frame "immutables" wrt switch silicon
Zack Williams
zdwzdw at gmail.com
Sat May 11 19:30:58 MST 2013
On Sat, May 11, 2013 at 2:21 PM, Bexley Hall <bexley401 at yahoo.com> wrote:
> I'm more interested in what *parts* of the (legitimate) frame
> are parsed/relied upon by the switch(es).
>
> E.g., the switch (differing from a "hub") would have to watch the
> destination MAC to know to which port the packet should get sent.
> Also, the source MAC to know what nodes *generate* traffic on that
> (incoming) port.
>
> Presumably, the CRC would need to be monitored so the switch could
> decide if the packet has been corrupted (I suppose a switch *could*
> just pass along a corrupted packet "as it" but that seems silly).
>
> That leaves the frame type as the only field that seems to have
> some wiggle room regarding interpretation/significance.
>
> And, of course, there's the whole issue of how switch silicon
> deals with "broken" frames -- or, frames that go beyond their
> idea of what a frame "should be".
>
I'd imagine the error recovery could be different on each piece of
switching silicon.
If it's low level enough, you may be able to write a set of tests with
Scapy that could determine the differences:
http://www.secdev.org/projects/scapy/
- Zack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20130511/22793559/attachment-0002.html>
More information about the tfug
mailing list