Broadcast traffic is data sent to all devices on a network, used when all destinations need to be reached or a specific address is unknown. It can slow down or disable a network and be used in denial of service attacks. DHCP is a common protocol that uses broadcast traffic. Misconfigured or malicious applications can negatively impact network performance.
In computer networks, broadcast traffic is a type of data sent to all computers and devices on a network or subnetwork. It is used in situations where all possible network destinations need to be reached or when the address of a specific computer is unknown. A large amount of traffic can slow down or disable a network, and some hackers have used it to flood a network with useless data.
Most network traffic falls into one of two categories: unicast traffic addressed to a single computer or multicast traffic addressed to multiple destinations. Broadcast traffic is a more unusual type of network traffic sent to all computers and devices on a network or part of a network. It is broadcast to a special broadcast address that all computers in a particular network or subnetwork monitor. This type of traffic can occur on the hardware-independent network layer or the hardware-centric physical link layer, and allows a computer to reach every possible destination with a single message.
Compared to unicast and multicast traffic, broadcast traffic creates a higher volume of data packets traversing a network simultaneously. As a result, broadcast messages are usually limited to a few applications where reaching all computers or devices on the network is important. Some examples include file or print servers announcing the availability of their resources, routers searching for other nearby routers or more efficient network locations, or computers translating physical link layer addresses into the Internet Protocol (IP) address used in network level.
Broadcast traffic can also be very useful in situations where a particular computer needs to be reached, but its address is unknown. A very common network protocol that uses traffic in this way is Dynamic Host Configuration Protocol (DHCP) which allows computers to automatically retrieve network settings from a server. When a computer using this protocol is connected to a new network, it broadcasts a “DHCP Discover” message asking the DHCP server to identify itself and provide information about the network.
Every machine on a network must accept and process broadcast traffic, so a misconfigured or malicious application can negatively impact network performance. Broadcast traffic can also be used in a denial of service attack designed to flood a target network with meaningless data and make it unavailable for legitimate communications. One such attack, known as broadcast amplification or “smurfing,” uses ping requests sent to a broadcast address from a spoofed address to create a snowball effect of responses and error responses. Most routers now have safeguards in place to protect against this vulnerability, but a poorly configured network may still be at risk.
Protect your devices with Threat Protection by NordVPN
