Hi Sarky, > Just wondering what ports do those work on, if someone wants to try to limit > the broadcast and the rest coming out of the system what is the best method. They don't work on "ports" as such, they are above the TCP/UDP layer that knows about ports. There are two "types" of broadcast and multicast which are commonly encountered: Ethernet (layer 2) and IP (layer 3). Ethernet broadcast is where an Ethernet frame is sent to the special MAC address FF:FF:FF:FF:FF:FF on an Ethernet network. Ethernet multicast is where a frame is sent to an address with the top bit set (e.g. 01:00:00:5e:00:00). Both of these are used extensively for protocols such as ARP, Spanning Tree Protocol, and to support IP broadcast and multicast over Ethernet. IP broadcast is where an IP packet is sent to a broadcast address. The definition of an IP broadcast address is usually the last IP address in a subnet (e.g. 192.168.0.255 if your network is 192.168.0.0/24). IP multicast is where a packet is sent to an address in 224.0.0.0/4. IP broadcast packets sent over Ethernet should be sent to the Ethernet broadcast address. The rules for multicast are less clear (to me, at least). > At the moment my Switch is recieving low amount of Broadcast and MultiCast > but transmitting a lot of it.. > And i dont know what to do or where to start. Find out what kind of broadcast/multicast by looking at "tcpdump -e" and checking the MAC addresses that the packets were sent to. Often the traffic can be disabled by setting options on the switch (e.g. disabling Spanning Tree Protocol/STP). However, it usually doesn't take a lot of traffic and performs a useful service, so it might not be wise to disable it. Hope this helps, Cheers, Chris. -- ___ __ _ / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer | / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk | \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
