In computer networking, broadcast traffic is a type of data sent to all computers and devices on a network or subnetwork. It is used in situations where all possible network destinations need to be reached or when the address of a specific computer is unknown. A large amount of traffic can slow down or incapacitate a network, and some hackers have used it to flood a network with useless data.
Most network traffic falls into one of two categories: unicast traffic that is addressed to a single computer or multicast traffic addressed to multiple destinations. Broadcast traffic is a more unusual type of network traffic that is sent to all computers and devices on a network or portion of the network. It is transmitted to a special broadcast address that all computers in a particular network or subnetwork monitor. This type of traffic can take place on the hardware-independent network layer or on the hardware-centric physical link layer and allows a computer to reach every possible destination with a single message.
Compared to unicast and multicast traffic, broadcast traffic creates a greater volume of data packets flowing across a network at once. As a result, broadcast messages are generally limited to just a few applications where it is important to reach all computers or devices on a network. Some examples include file or print servers announcing the availability of their resources, routers searching for other nearby routers or more efficient network paths, or computers translating physical link layer addresses into the Internet Protocol (IP) address used in the network layer.
Broadcast traffic can also be very useful in situations when a particular computer needs to be reached, but its address is unknown. One very common network protocol that uses traffic in this way is the Dynamic Host Configuration Protocol (DHCP) that allows computers to automatically retrieve network settings from a server. When a computer using this protocol is connected to a new network, it broadcasts a “DHCP Discover” message asking the DHCP server to identify itself and provide information about the network.
Every machine on a network must accept and process broadcast traffic, so a misconfigured or malicious application can adversely affect network performance. Broadcast traffic can also be used in an denial of service attack designed to flood a target network with meaningless data and make it unavailable to legitimate communications. One such attack, known as broadcast amplification or “smurfing,” uses ping requests sent to a broadcast address from a spoofed address to create an snowball effect of replies and error responses. Most routers now have safeguards to protect against this vulnerability, but a poorly configured network may still be at risk.