A network switch is a computer networking device that connects LAN segments. It was developed from the electronic hub, which provided a central nodal device for a star-configured network. In a shared hub, a frame is broadcast to all connections of the star network. The switch instead connects Ethernet or Token Ring segments together as needed, based on the MAC address, and the connections are maintained only as long as data is being transmitted. This point-to-point approach allows the switch to connect multiple pairs of segments at a time, so that more than one computer can transmit data at once.
A switch can operate in one of three ways:
- cut-through
- store and forward
- error-free cut-through
Switches make traffic monitoring difficult because each port is isolated until it transmits data, and even then only the sending and receiving ports are connected.
Two popular methods that are specifically designed to allow a network manager to monitor traffic are:
- port mirroring -- the switch sends a copy of network packets to a monitoring network connection.
- SMON -- "Switch Monitoring" is described by RFC 2613 and is a protocol for controlling facilities such as port mirroring.
Other methods, which are attacks rather than management features, expose traffic without the cooperation of the switch:
- ARP Spoofing -- fooling the target computer into using the attacker's MAC address for the network gateway, or alternatively getting it to use the broadcast MAC.
- MAC Flooding -- overloading the switch with a large number of MAC addresses, so that it drops into a "failopen mode".
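The table behaviour behind MAC-based forwarding and the "failopen mode" mentioned above, as an added example that is not part of the original text: a toy Python model of a learning switch, with a per-port address limit (the idea behind port security features) as the mitigation. The class, table size and MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy model of a MAC-learning switch (constructed for illustration)."""

    def __init__(self, ports, table_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size                # capacity of the MAC table
        self.max_macs_per_port = max_macs_per_port  # port-security style limit
        self.table = {}                             # MAC -> port
        self.violations = []                        # (port, mac) rejected by the limit

    def _learn(self, src, port):
        if src in self.table:
            self.table[src] = port                  # known address, refresh its port
            return True
        on_port = sum(1 for p in self.table.values() if p == port)
        if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
            self.violations.append((port, src))     # worth alerting on
            return False                            # frame from this source is dropped
        if len(self.table) < self.table_size:
            self.table[src] = port                  # full table: address stays unknown
        return True

    def receive(self, port, src, dst):
        """Return the list of ports the frame is sent out of."""
        if not self._learn(src, port):
            return []
        if dst != BROADCAST and dst in self.table:
            return [self.table[dst]]                # point-to-point: one egress port
        return [p for p in self.ports if p != port]  # unknown or broadcast: flood

def demo(max_macs_per_port):
    """Return (egress ports for A->B, number of limit violations)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], table_size=8,
                        max_macs_per_port=max_macs_per_port)
    host_a, host_b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    sw.receive(1, host_a, BROADCAST)                # A is learned on port 1
    # Port 3 presents many constructed source addresses before B has spoken.
    for i in range(20):
        sw.receive(3, f"02:00:00:00:01:{i:02x}", BROADCAST)
    sw.receive(2, host_b, BROADCAST)                # B only fits if the table has room
    return sw.receive(1, host_a, host_b), len(sw.violations)

if __name__ == "__main__":
    print("no limit :", demo(None))   # A->B is flooded to every other port
    print("limit = 2:", demo(2))      # A->B reaches port 2 only
```

Without the limit, the full table leaves host B unlearned and frames addressed to it leave every other port, which is the hub-like behaviour the isolation of a switch normally prevents; with the limit, the rejected addresses are recorded as violations that a network manager can alert on.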