Address Learning

Address Learning

Address learning enables switches to pass traffic far more efficiently,
and securely, than hubs. The switch maps the MAC address (or IP
address in the case of more modern Layer 3 switches) of a device to a
particular port so data destined for the device can be forwarded
directly to that port, as opposed to forwarding to all ports. This reduces
the load on the individual LAN segments, and inhibits conventional
sniffing methods, as only traffic intended for a specific host is passed to
its NIC. Only broadcast packets (such as ARP requests, bootp/ DHCP
and NBT) will be received by all hosts in a broadcast domain. The
distribution of broadcast traffic can be further limited by segregating
the IP subnet space and utilizing virtual networks (such as CISCO
VLANs).
Under normal circumstances on a switched network, this means that by
simply traffic sniffing the wire, data that was not intended for the
scanning host (other than network broadcast traffic) will not be sent to
the port, and will not therefore be monitored.