40 Chapter 2 ■ System Fundamentals
that routers connect networks and that switches create separate collision domains (and, with VLANs, separate broadcast domains).
Yes, back to the good stuff indeed, but don't shy away just yet; concepts such as broadcast domains will play a large part in our more interesting endeavors, such as sniffing and packet capturing. A solid understanding of the functions of routers and switches will give you a substantial edge when spying out goodies on a network (authorized spying, of course!).
Routers
Let's begin with routers. Our aim here is to give you a firm understanding of the basic functions of routers, so you can apply this knowledge to more complex hacking techniques and tools. A quick overview of the fundamentals: a router's main function is to forward packets (layer 3 traffic) toward their destination based on network addressing. Because routers make their forwarding decisions at the network layer, they are considered layer 3 devices. When talking about routers, we are talking about common protocols such as IP; that is, we are dealing with IP addressing. A router keeps a routing table of destination networks and, for each packet, picks the most specific entry that matches (longest-prefix match), falling back to a default route when nothing else does. It also decrements the packet's time-to-live (TTL) at every hop and discards the packet when the TTL reaches zero, which is the behavior that tools such as traceroute rely on to map a path. Routers are also used as a gateway between different kinds of networks, such as networks on different IP ranges or networks whose link-layer technologies differ. For example, in an enterprise or business setup, you cannot plug a T1 or other carrier WAN circuit straight into a client computer and expect blazingly fast network speeds. The computer, or more accurately its network interface card (NIC), speaks Ethernet, not the framing used on the carrier's circuit. A router with the appropriate interfaces bridges that gap, terminating the WAN link on one side and Ethernet on the other so that hosts on the different networks can exchange IP packets.
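To make the forwarding decision concrete, here is an added example (not code from the book) of the two things a router does with every packet: a longest-prefix-match lookup against a routing table, and a TTL decrement with a drop when the TTL would reach zero. The routing table, interface names and addresses are constructed for illustration and use documentation ranges, not real networks.

```python
"""Added example, not code from the book: a minimal layer-3 forwarding decision.

A router picks the outgoing interface for a packet by longest-prefix match
against its routing table, decrements the TTL, and drops the packet when the
TTL would reach zero. The routing table and addresses below are constructed
for illustration (documentation ranges, not real networks).
"""
import ipaddress
from typing import List, Optional, Tuple

# (destination network, next hop or None if directly connected, outgoing interface)
Route = Tuple[str, Optional[str], str]

# Constructed routing table. A next hop of None means the network is directly
# connected, so the packet is delivered to the destination host itself.
ROUTES: List[Route] = [
    ("0.0.0.0/0", "203.0.113.1", "wan0"),    # default route toward the ISP
    ("10.0.0.0/8", "10.1.0.2", "eth1"),      # summary route for the rest of the company
    ("10.1.1.0/24", None, "eth0"),           # directly connected office LAN
    ("192.168.0.0/16", "10.1.0.3", "eth1"),  # a branch reachable through another router
]


def lookup(dst: str, routes: List[Route] = ROUTES) -> Optional[Route]:
    """Return the most specific route matching dst, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best_net = None
    best_route = None
    for net_str, next_hop, iface in routes:
        net = ipaddress.ip_network(net_str)
        # More specific prefixes win: a /24 beats a /8, which beats the /0 default.
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, (net_str, next_hop, iface)
    return best_route


def forward(dst: str, ttl: int = 64, routes: List[Route] = ROUTES) -> tuple:
    """Decide what the router does with one packet addressed to dst.

    Returns ("forward", next_hop_ip, interface, new_ttl) or ("drop", reason).
    """
    if ttl <= 1:
        # The TTL would hit zero on this hop, so the packet is dropped. A real
        # router also sends ICMP Time Exceeded back to the source, which is how
        # traceroute discovers each router on the path one hop at a time.
        return ("drop", "ttl-exceeded")
    route = lookup(dst, routes)
    if route is None:
        return ("drop", "no-route")
    _, next_hop, iface = route
    # Directly connected network: the "next hop" is the destination host itself.
    return ("forward", next_hop or dst, iface, ttl - 1)


if __name__ == "__main__":
    for target in ("10.1.1.7", "10.200.3.4", "192.168.5.9", "8.8.8.8"):
        print(target, "->", forward(target))
    print("8.8.8.8 with ttl=1 ->", forward("8.8.8.8", ttl=1))
```

The lookup is deliberately a linear scan; production routers use a trie or hardware TCAM for the same longest-prefix rule. The point for reconnaissance is the TTL branch: by sending probes with TTL 1, 2, 3 and so on, you collect the address of each router that drops one, which is exactly the path traceroute draws.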
Routers also commonly perform Network Address Translation (NAT). This is an extremely useful technology that allows internal network clients to share a single public IP address for access to the outside world. In the simplest case the router has two interfaces: one facing the outside world and one facing the internal network. The outside connection, or public side, is assigned a public IP address obtained from the local Internet service provider (ISP). The internal side of the router is connected to your local intranet, which contains all of your internal IPs and your protected resources. On the internal side you are free to use any addressing scheme you want, typically one of the private ranges reserved by RFC 1918 (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), because those addresses are never routed on the Internet. When an internal client makes a request for an outside resource, the router rewrites the packet's source address (and usually its source port, which is why this form is also called port address translation, PAT, or NAT overload) to its own public address and port, records the mapping in a translation table, and sends the packet out the public side. When the reply comes back, the router consults the table and rewrites the destination back to the internal client. This hides the internal client's address from the outside and funnels all outbound requests through the same public IP. Keep in mind that the hiding is a side effect of the translation table rather than a security control: an unsolicited packet from the outside is dropped only because no mapping exists for it, and any port forwarding or static mapping exposes the internal host just as directly as a public address would. Because NAT is so common these days, you rarely notice that it's actually occurring.
The real-world reasoning behind using NAT is not just security. It is a major money saver for the business as well as a way of conserving scarce IPv4 addresses for the ISP.
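The translation table is easiest to understand by building one. The following is an added example (not code from the book) of the port-address-translation variant described above: outbound packets get a fresh public port and an entry in the table, replies are mapped back through that entry, and anything arriving on the public side without an entry is dropped. A `port_forward` method shows how a static mapping punches through that behavior. All addresses, ports and the `Packet`/`NatRouter` names are constructed for illustration.

```python
"""Added example, not code from the book: a minimal NAT (strictly, PAT) translation table.

Packets leaving the private side get their source rewritten to the router's
single public address and a fresh public port; the mapping is stored so the
reply can be translated back. Anything arriving on the public side without a
mapping is dropped. Addresses are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Just the header fields NAT cares about."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private ip, private port) -> public port, plus the reverse lookup.
        self.out_table: Dict[Tuple[str, int], int] = {}
        self.in_table: Dict[int, Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.out_table:
            # First packet of a flow: allocate a public port and remember it.
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Packet(self.public_ip, self.out_table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from the Internet, or return None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.in_table.get(pkt.dst_port)
        if entry is None:
            # No internal host asked for this: unsolicited traffic is dropped.
            return None
        priv_ip, priv_port = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

    def port_forward(self, public_port: int, priv_ip: str, priv_port: int) -> None:
        """Static mapping: expose an internal service on the public address."""
        self.in_table[public_port] = (priv_ip, priv_port)
        self.out_table[(priv_ip, priv_port)] = public_port


if __name__ == "__main__":
    nat = NatRouter("203.0.113.10")
    out = nat.outbound(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    print("outbound:", out)
    print("reply:", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.10", out.src_port)))
    print("unsolicited:", nat.inbound(Packet("198.51.100.5", 443, "203.0.113.10", 40999)))
```

Two hosts using the same private source port get distinct public ports, which is the whole trick behind sharing one address. Real implementations also key the table on protocol and destination and expire idle entries; this one keeps the mapping forever, so once a host has sent anything, any outside party that guesses the public port can reach it. That is the caveat from the text in code form: the drop happens because the table is empty, not because anyone wrote a policy.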
Switches
Switches deliver data (frames) based on the hardware addresses of the destination computers or devices. Hardware addresses, also called media access control (MAC) addresses, are identifiers burned into each NIC by the manufacturer (the burned-in address, or BIA); they are not truly permanent, because most operating systems let you override the burned-in value in software, which is what MAC spoofing relies on. MAC addresses are