This Question is Answered 2 Helpful Answers available (2 pts)
32404 Views 13 Replies Latest reply: Mar 17, 2011 8:32 AM by Scott Morris - CCDE/4xCCIE/2xJNCIE RSS

Pinging a broadcast address

Mar 16, 2011 8:24 AM

Steven Williams 3,266 posts since
Jan 26, 2009

What happens if you ping a broadcast IP address?

  • Conwyn 7,907 posts since
    Sep 10, 2008
    1. Mar 16, 2011 8:42 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    Hi Hollywood

     

    If in enabled mode everybody replies but not always.

     

    Regards Conwyn

  • Brian 2,968 posts since
    Aug 17, 2009
    3. Mar 16, 2011 9:07 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    Are you talking a directed broadcast (ie 192.168.1.255) or local broadcast (ie 255.255.255.255)?   There is a big difference.

     

    Try a search on CLN, we talked about this before I am sure you can find it.

     

    HTH

  • Brian 2,968 posts since
    Aug 17, 2009
    5. Mar 16, 2011 9:27 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    Are you talking layer 2 or layer 3 switch?  A layer 2 switch does nothing with the ip directed broadcast.  Take this example,  I am on LAN 1 (192.168.1.0/24) and ping the directed broadcast address 192.168.1.255.

     

    Host 1 <--> SW1 <--> R1 <--> R2 <--> SW2 <--> Host 2

     

    Host 1 pings 192.168.1.255, assuming that the GW IP has already been resolved the packet gets forwarded to the router R1.  Assuming that "ip directed broadcast" is enabled on R1, R1 sees that the destination is "local" and converts the directed broadcast 192.168.1.255 --> 255.255.255.255 and sends back out the LAN 1 interface.  All hosts will respond.

     

    Host 2 is on LAN 2 (192.168.2.0/24).  Host 1 pings the directed broadcast 192.168.2.255.  Assuming that "ip directed broadcast" is enabled on R1 and R2.  The packet goes from Host 1 to R1. R1 routes the packet to R2.  R2 sees that the destination is "local" and converts the directed broadcast 192.168.2.255 --> 255.255.255.255 and sends out the LAN 2 interface.  All hosts on LAN 2 respond.

     

    HTH

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,398 posts since
    Oct 7, 2008
    7. Mar 16, 2011 8:13 PM (in response to Steven Williams)
    Re: Pinging a broadcast address

    Why would it hit your gateway?  If you are local to the subnet, you will actually self-translate that into 255.255.255.255.  (debug ip packet on a router will show you that)

     

    If you try it to a different subnet, you'll need "ip directed-broadcast" enabled on the interface belonging to the subnet you're trying to send to.  Otherwise, since IOS 12.0, those subnet pings have been blocked from a routing point of view. (smurf attack)

     

    Keep in mind though that's always at the END point.  Up until the last router, nobody else really knows whether an IP is a broadcast or not.  Just that last router whether the subnet + mask really exists can we tell!

     

    HTH,

     

    Scott
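
An added example (not part of any poster's reply): Python that audits an IOS-style configuration for interfaces with `ip directed-broadcast` enabled and classifies a destination address the way the router owning those interfaces would. The sample config and the function names are constructed for illustration, and an interface without the command is assumed to have it disabled (the default since IOS 12.0 that Scott mentions).

```python
import ipaddress

# Constructed sample config (not from the thread); the two LANs reuse the
# thread's 192.168.1.0/24 and 192.168.2.0/24 addressing.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip directed-broadcast
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
"""

def parse_interfaces(config):
    """Map interface name -> {"network": IPv4Network|None, "directed": bool}."""
    found, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if raw.startswith("interface ") and len(words) >= 2:
            current = found.setdefault(words[1], {"network": None, "directed": False})
        elif current is None or not raw.startswith(" "):
            current = None  # left the interface block
        elif words[:2] == ["ip", "address"] and len(words) >= 4 and "secondary" not in words:
            current["network"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "directed-broadcast"]:
            current["directed"] = True
        elif words[:3] == ["no", "ip", "directed-broadcast"]:
            current["directed"] = False
    return found

def audit(interfaces):
    """Interfaces where a routed directed broadcast would be sent onto the LAN."""
    return sorted(name for name, info in interfaces.items() if info["directed"])

def classify(dst, interfaces):
    """Return (kind, interface, forwarded) as this router would treat dst."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return ("local-broadcast", None, False)  # stays on the sender's segment
    for name, info in interfaces.items():
        net = info["network"]
        if net is not None and net.prefixlen < 31 and addr == net.broadcast_address:
            return ("directed-broadcast", name, info["directed"])
    # Not a connected subnet: routed like unicast (assuming a route exists),
    # because only the last-hop router knows the mask.
    return ("transit", None, True)
```

Any interface returned by `audit()` is a candidate for `no ip directed-broadcast` unless there is a documented need for it.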

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,398 posts since
    Oct 7, 2008
    9. Mar 17, 2011 7:15 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    You'll get lots of replies from everyone on your subnet.  At least everyone who didn't have an ACL or FW blocking ICMP.

     

    And the rest of us will wonder WHY you felt like doing that!?!??

  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    10. Mar 17, 2011 7:28 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    Hello Hollywood-

     

    You have gotten some great responses.

     

    Here is what it would look like from the CLI and Wireshark, if the admin at the router sends a local broadcast PING:

     

    Local broadcast Ping.png

     

     

    R2#ping 10.234.0.255

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.234.0.255, timeout is 2 seconds:

    Reply to request 0 from 10.234.0.4, 4 ms
    Reply to request 0 from 10.234.0.3, 8 ms
    Reply to request 1 from 10.234.0.3, 8 ms
    Reply to request 1 from 10.234.0.4, 8 ms
    Reply to request 2 from 10.234.0.3, 8 ms
    Reply to request 2 from 10.234.0.4, 8 ms
    Reply to request 3 from 10.234.0.3, 4 ms
    Reply to request 3 from 10.234.0.4, 4 ms
    Reply to request 4 from 10.234.0.3, 4 ms
    Reply to request 4 from 10.234.0.4, 8 ms
    R2#

     

     

    Local broadcast Ping Wireshark.png

     

    The switch, as usual, would forward the L2 broadcast to all other ports in the same VLAN, and the devices on those ports would de-encapsulate the ICMP echo request, and respond with a unicast echo-reply back to the source address used in the request (in this example, R2 is using 10.234.0.2).

     

    Best wishes,

     

    Keith

  • Jared 5,502 posts since
    Jul 27, 2008
    12. Mar 17, 2011 8:13 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    If you have enough people doing it.... then it could be a potential DDoS attack.  That is why you don't want users to have access to ping utilities and why admins may lock down the CLI of both Windows and Mac machines.

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,398 posts since
    Oct 7, 2008
    13. Mar 17, 2011 8:32 AM (in response to Steven Williams)
    Re: Pinging a broadcast address

    It would only clog local workstations and switch throughput.  Your "pipes" (connections elsewhere) would be fine unless you were routing.

     

    Typically things like that (especially pinging to the subnet broadcast with a source IP of the broadcast as well) are meant to target the devices on the local segment.

     

    Scott
