OK,been trying to get name resolution straight in my head.this is basically how i understand it,please let me know where i am wrong or have missing info.

So say we start with a ping:

ping computername - Netbios,WINS or DNS resolves the name to an ip address.

once i have the ip next i need a MAC address so ARP broadcasts and gets back a MAC.

Now finally my network card sends out the ping packets.depending on if i'm connected to a switch or hub the following will occur.If a hub it then broadcasts to find the destination MAC address and away it goes.If a switch it checks its lookup table and sends my packet directly to the correct node.

...and a question,ARP broadcasting.The broadcast packets hit a switch but the switch doesn't contain an entry in its table,the switch forwards the broadcast?where to ?how long does this go on for?

Sorry going off subject,thanks anyway.

when the switch receives the broadcast frame it sends it out all ports

I'm a little rusty but here's something that should help

Skipping the name resolution part and moving on after the ip address has been returned. The ip is matched to the subnet mask to determine if the location is local or remote, if remote, the packet is sent out the default gateway to the the next router hop and on and on until it reaches the end destination. When the target machines responds back, it's mac is in the TCP packet.

If you catch a straight arp packet, it's an arp to the local network saying, "Who has IP so and so" If a local machine has it, it responds back "I do..heres my MAC"

It's a broadcast so it does not get passed through a router, switches will pass it and once the target responds back, the mac is kept in the switch cache. Switches pass broadcasts since they are a layer 2 device

Google for ethereal, a free sniffer, then you can capture your tests as you run lookups and pings

Thanks folks,

installing ethereal now,as for arp ,yeah that makes sense using the subnet.
So the router will just send the packet on to the next router but won't broadcast over the external side.But once the receiving router gets the packet it should send the packet on to its own switch or switches?they in turn broadcast and on it goes.

Found this if anyone is interested,it's v simple and clear How LAN Switches Work

Hello again,

Just been playing around with ethereal,very good tool.
its excellent you can see the traffic going from nbns query to nbns resonse to arp query to arp response.

for some reason it displays the arp request after the arp response but you can see whats going on

Even saw my email pop traffic going to and fro along with my clear text password!Tried it in promiscuous mode but i'm on a switch so I can only see traffic on my node.

Anyone know how that holds on a dial up or dsl connection? now I am way off topic,think I'll start another thread.

BTW I found the official ethereal guide but are there any created for and by users around?

Cheers

The router never really sees the switch(s) nor cares about it since it's operating at a higher layer