Re: Is cable network really a shared medium? [7:38705]
At 10:18 PM 3/20/02, John Green wrote: my box (windows workstation) is connected to a cable modem (i guess motorola) and cable modem connects to my cable tv network and in turn to internet. That's typical. So you were doing the ARP -A on a Windows machine, I guess. And you're seeing remote stations in the ARP cache with a Physical address of 00-05-5f-ee-e0-54. (You never answered what those IP addresses are. On your own local network or remote? I'll assume remote since it sounds like your network is just your PC and cable modem.) 00-05-5f-ee-e0-54 is the physical address of a Cisco router. It's probably a router at your service provider. I bet your PC is ARPing for remote stations and the Cisco router is doing Proxy ARP. A PC ARPs for remote stations under a few conditions: The PC thinks the stations are local due to a subnet mask issue. The PC doesn't have a default gateway configured. The PC has the default gateway configured to be itself. (the same address as assigned to the PC.) You could check your network control panel. Relying on proxy ARP is pretty typical for dial-access. I haven't seen it with cable modem service. On the cable modem network that I support, the PCs get the address of an actual gateway (router) from the DHCP server. They only ARP for local stations and the default gateway. But there's nothing wrong with doing it the other way. Priscilla --- Priscilla Oppenheimer wrote: At 08:05 PM 3/18/02, John Green wrote: i guess you are right that there is some sort of filtering being done. because the arp command gives the same physical address of the hosts in my subnet. Where are you running this ARP command? On a router, on a workstation? What does your network look like? Internet Address Physical Address Type 211.16.12.1 00-05-5f-ee-e0-54 dynamic 211.16.13.14 00-05-5f-ee-e0-54 dynamic 00-05-5F is Cisco's vendor code. Perhaps it's your default gateway? What are the 211.16 addresses? Are they your local machines? I think we need more info to answer the question But perhaps knowing that the MAC address is a Cisco device will help. It could be the default gateway or the UBR at the service provider's network. But with no more info about your topology, I'm just guessing. Priscilla for all other hosts as well the physical address is same as above. I guess the physical address is of the access server that out host is connecting to (or rather for the same subnet all hosts connect to this same access server, could be a dhcp server as well). i guess it is a switched environment. but still the physical address for different hosts should show up as different. anyone knows what is going on here --- sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=39075t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
my box (windows workstation) is connected to a cable modem (i guess motorola) and cable modem connects to my cable tv network and in turn to internet. --- Priscilla Oppenheimer wrote: At 08:05 PM 3/18/02, John Green wrote: i guess you are right that there is some sort of filtering being done. because the arp command gives the same physical address of the hosts in my subnet. Where are you running this ARP command? On a router, on a workstation? What does your network look like? Internet Address Physical Address Type 211.16.12.1 00-05-5f-ee-e0-54 dynamic 211.16.13.14 00-05-5f-ee-e0-54 dynamic 00-05-5F is Cisco's vendor code. Perhaps it's your default gateway? What are the 211.16 addresses? Are they your local machines? I think we need more info to answer the question But perhaps knowing that the MAC address is a Cisco device will help. It could be the default gateway or the UBR at the service provider's network. But with no more info about your topology, I'm just guessing. Priscilla for all other hosts as well the physical address is same as above. I guess the physical address is of the access server that out host is connecting to (or rather for the same subnet all hosts connect to this same access server, could be a dhcp server as well). i guess it is a switched environment. but still the physical address for different hosts should show up as different. anyone knows what is going on here --- sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards. http://movies.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38982t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
Hi Sam, The shared vs non-shared issue DSL providers mention is somewhat misleading. In any residential cable or DSL network, you will have stat muxing. In a cable network, this happens on the HFC network. In a DSL network, this happens at the Agg router (the one that terminates all of those DSL connections). The Internet is one big stat mux. In either the DSL or Cable approach, the customer observed performance will be a result of many factors, including access network design (how many subs share the cable or agg router), the behaviors of these other users, the regional network design, the size and types of peering connections, and where the users are actually surfing too. My house has a long driveway that only I use. Does that mean I'll get to work faster than the neighbors down the street which live in an apartment complex and share a driveway with other folks? In both approaches, one can prioritize traffic or partition bandwidth to certain groups of users. The current standard for how IP/ethernet frames are transmitted over an HFC network is defined via the DOCSIS 1.0 spec. This specification is available at www.cablelabs.com. This spec defines how to support best-effort IP transport. Support for additional features, include QoS, is defined in the DOCSIS 1.1 spec. This document is also available at the above web site. Some details about DOCSIS cable networks: * On the HFC network, a single downstream channel can support ~25-35 Mb/s (depending on the modulation being used). * The upstream connection typically can support between 5-10 Mb/s (depending on modulation and the size of the channel). * The cable operator can opt, based on RF combining, how many homes (fiber nodes) share a downstream or upstream.When service is initially launched in an area, an operator might combine several nodes together and as the take rate increases, reduce the amount of combining (which effectovely reduces the number of customers who share the bandwidth). * When a cable modem is brought online, it gets an IP address via DHCP and then is loaded with configuration information (IP, L2, and L4 filters), network management, etc information. These filters prevent issues which arise when DHCP servers are running in a customer's home, prevents my NETBIOS traffic from being seen by neighbors, etc. There are other technologies still deployed by cable operators to support HSD (LanCity, Motorola CDLP, Com21, etc.) which may not operate the same as DOCSIS. Hope this helps. sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38787t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
Good post. One minor correction, the COM21 modems are DOCSIS 1.1 certified. - Original Message - From: bergenpeak To: Sent: Tuesday, March 19, 2002 9:53 AM Subject: Re: Is cable network really a shared medium? [7:38705] Hi Sam, The shared vs non-shared issue DSL providers mention is somewhat misleading. In any residential cable or DSL network, you will have stat muxing. In a cable network, this happens on the HFC network. In a DSL network, this happens at the Agg router (the one that terminates all of those DSL connections). The Internet is one big stat mux. In either the DSL or Cable approach, the customer observed performance will be a result of many factors, including access network design (how many subs share the cable or agg router), the behaviors of these other users, the regional network design, the size and types of peering connections, and where the users are actually surfing too. My house has a long driveway that only I use. Does that mean I'll get to work faster than the neighbors down the street which live in an apartment complex and share a driveway with other folks? In both approaches, one can prioritize traffic or partition bandwidth to certain groups of users. The current standard for how IP/ethernet frames are transmitted over an HFC network is defined via the DOCSIS 1.0 spec. This specification is available at www.cablelabs.com. This spec defines how to support best-effort IP transport. Support for additional features, include QoS, is defined in the DOCSIS 1.1 spec. This document is also available at the above web site. Some details about DOCSIS cable networks: * On the HFC network, a single downstream channel can support ~25-35 Mb/s (depending on the modulation being used). * The upstream connection typically can support between 5-10 Mb/s (depending on modulation and the size of the channel). * The cable operator can opt, based on RF combining, how many homes (fiber nodes) share a downstream or upstream.When service is initially launched in an area, an operator might combine several nodes together and as the take rate increases, reduce the amount of combining (which effectovely reduces the number of customers who share the bandwidth). * When a cable modem is brought online, it gets an IP address via DHCP and then is loaded with configuration information (IP, L2, and L4 filters), network management, etc information. These filters prevent issues which arise when DHCP servers are running in a customer's home, prevents my NETBIOS traffic from being seen by neighbors, etc. There are other technologies still deployed by cable operators to support HSD (LanCity, Motorola CDLP, Com21, etc.) which may not operate the same as DOCSIS. Hope this helps. sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38813t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
At 08:05 PM 3/18/02, John Green wrote: i guess you are right that there is some sort of filtering being done. because the arp command gives the same physical address of the hosts in my subnet. Where are you running this ARP command? On a router, on a workstation? What does your network look like? Internet Address Physical Address Type 211.16.12.1 00-05-5f-ee-e0-54 dynamic 211.16.13.14 00-05-5f-ee-e0-54 dynamic 00-05-5F is Cisco's vendor code. Perhaps it's your default gateway? What are the 211.16 addresses? Are they your local machines? I think we need more info to answer the question But perhaps knowing that the MAC address is a Cisco device will help. It could be the default gateway or the UBR at the service provider's network. But with no more info about your topology, I'm just guessing. Priscilla for all other hosts as well the physical address is same as above. I guess the physical address is of the access server that out host is connecting to (or rather for the same subnet all hosts connect to this same access server, could be a dhcp server as well). i guess it is a switched environment. but still the physical address for different hosts should show up as different. anyone knows what is going on here --- sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38840t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Is cable network really a shared medium? [7:38705]
I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38705t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
depending on the carrier, docsis could be implemented...I have not tcpdumped my current connection (through att) but I believe att does filter. a quick search on google yielded some docsis info but I didn't see whether or not it was done at the modem or the switch. I'm guessing the latter. I would hate to think I could go out and by any modem I wanted to and change the way att does business... :) -Patrick sam sneed 03/18/02 02:56PM I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Confidentiality Disclaimer This email and any files transmitted with it may contain confidential and /or proprietary information in the possession of WellStar Health System, Inc. (WellStar) and is intended only for the individual or entity to whom addressed. This email may contain information that is held to be privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized access, dissemination, distribution or copying of any information from this email is strictly prohibited, and may subject you to criminal and/or civil liability. If you have received this email in error, please notify the sender by reply email and then delete this email and its attachments from your computer. Thank you. Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38714t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
At 02:56 PM 3/18/02, sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Presumably, you are using an Ethernet packet sniffer? The shared medium is on the cable modem side and is RF, not Ethernet. So, you're not going to see your neighbor doing e-mail or surfing the Web or whatever with your Ethernet sniffer. The traffic traverses the shared coax cable and probably hits a hybrid fiber coax (HFC) node at some point and goes over fiber to the head-end where it gets converted to Ethernet or whatever and shipped off to the destination. Your sniffer won't see this. On the other hand, you may see your neighbors' broadcasts, depending on the architecture of the cable provider's network. If it's a Layer 2 architecture without filtering, you may see broadcasts. There are stories about people using the Windows network neighborhood and seeing neighbor's computers and printers. I think most providers have cleaned this up though. That's a way over-simplified answer, but a couple pieces of the puzzle. Hopefully someone else will answer too. More info here too: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/cable.htm Priscilla Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Priscilla Oppenheimer http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38716t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Is cable network really a shared medium? [7:38705]
Sam, You can check out the DOCSIS standards here: http://www.cablemodem.com/ (check out the specifications section) You should, at a minimum, see broadcasts from the other devices on your cable network. Mostly you will see arp broadcasts, but some Windows users on raw cable may still be out there. Here's a quick snip of what I see if I sniff my connection (this is using snoop on solaris): 10.10.104.1 - (broadcast) ARP C Who is 10.10.107.250, 10.10.107.250 ? 12.220.96.1 - (broadcast) ARP C Who is 12.220.97.204, 12.220.97.204 ? 12.220.96.1 - (broadcast) ARP C Who is 12.220.98.16, 12.220.98.16 ? 10.10.100.1 - (broadcast) ARP C Who is 10.10.103.128, 10.10.103.128 ? 12.220.100.1 - (broadcast) ARP C Who is 12.220.100.226, 12.220.100.226 ? (and much more of the same) HTH, Kent -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sam sneed Sent: Monday, March 18, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: Is cable network really a shared medium? [7:38705] I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38720t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Is cable network really a shared medium? [7:38705]
i guess you are right that there is some sort of filtering being done. because the arp command gives the same physical address of the hosts in my subnet. Internet Address Physical Address Type 211.16.12.1 00-05-5f-ee-e0-54 dynamic 211.16.13.14 00-05-5f-ee-e0-54 dynamic for all other hosts as well the physical address is same as above. I guess the physical address is of the access server that out host is connecting to (or rather for the same subnet all hosts connect to this same access server, could be a dhcp server as well). i guess it is a switched environment. but still the physical address for different hosts should show up as different. anyone knows what is going on here --- sam sneed wrote: I just changed services from DSL to cable modem. I have heard from people, including verizon, that cable is not as secure as DSL becuase it is over a shared medium. I connected to my cable modem and fired up my packet sniffer. I did not see anyone elses traffic on the line so i am assuming the bandwith is shared( a known fact about cable access) but is somehow filtered at the cable modem(bridge). Does anyone know if this assumption is true and the inside details of the how data is transmitted over the cable network? A link to a whitepaer would be great. thanks [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Sports - live college hoops coverage http://sports.yahoo.com/ Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=38740t=38705 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
