Host to Host through a Switch

This article is a part of a series on Packet Traveling — everything that happens in order to get a packet from here to there. Use the navigation boxes to view the rest of the articles.



In the last article, we looked at everything that happens for two hosts to communicate directly with one another. In this article, we will add a common network device: a switch. We will take a look at what happens for communication from Host to Host through a Switch.

This article will be the practical application of everything that was discussed when we looked at a Switch as a key player in packet traveling. It might be worth reviewing that section before proceeding.

We will start by looking at the individual switch functions, and then take a look at an animation which shows their collaborative operation.

Switch Functions

A Switch primarily has four functions: Learning, Flooding, Forwarding, and Filtering.


Learning

Being a Layer 2 device, a Switch will make all its decisions based upon information found in the L2 Header. Specifically, a Switch will use the Source MAC address and Destination MAC address to make its forwarding decisions.

One of the goals of the Switch is to create a MAC Address Table, mapping each of its switchports to the MAC address of the connected devices.

The MAC address table starts out empty, and every time a Switch receives anything, it takes a look at the Source MAC address field of the incoming frame. It uses the Source MAC and the switchport the frame was received on to build an entry in the MAC Address Table.

Sooner or later, as each connected device inevitably sends something, the Switch will have a fully populated MAC Address Table. This table can then be used to smartly forward frames to their intended destination.


Flooding

However, despite the learning process above, it is unavoidable that a Switch will at some point receive a frame destined to a MAC address of which the Switch does not know the location.

In such cases, the Switch’s only option is to simply duplicate the frame and send it out all ports. This action is known as Flooding.

Flooding ensures that if the intended device exists and is connected to the switch, it will definitely receive the frame.

Of course, so will every other device connected to that particular Switch. And though not ideal, this is perfectly normal. The NIC of each connected device will receive the frame and take a look at the Destination MAC address field. If they are not the intended recipient, they will simply silently drop the frame.

If they are the intended device, however, then the Switch can rest satisfied knowing it was able to deliver the frame successfully.

Moreover, when the intended device receives the frame, a response will be generated. When that response reaches the Switch, the Switch can learn from it and create a MAC Address Table entry mapping the previously unknown device to its switchport.


Forwarding

Ideally, of course, the Switch will have an entry in its MAC Address Table for every Destination MAC it comes across.

When this happens, the Switch happily forwards the frame out the appropriate switchport.

There are three methods by which a Switch can forward frames. They are briefly described below.

  • Store and Forward – The Switch copies the entire frame (header + data) into a memory buffer and inspects the frame for errors before forwarding it along. This method is the slowest, but allows for the best error detection and additional features like prioritizing certain types of traffic for faster processing.
  • Cut-Through – The Switch stores nothing, and inspects only the bare minimum required to read the Destination MAC address and forward the frame. This method is the quickest, but provides no error detection or potential for additional features.
  • Fragment Free – This method is a blend of the prior two. The Switch inspects only the first portion of the frame (64 bytes) before forwarding the frame along. If a transmission error occurred, it is typically noticed within the first 64 bytes. As such, this method provides “good enough” error detection, while gaining the speed and efficiency of avoiding storing the entire frame in its memory before forwarding it.

It is worth pointing out that these three methods were at one point very significant when Switch technologies were newer and switching induced noticeable latency. In modern days, with line-speed switching, the difference in speed between these three is negligible, and most switches operate in Store and Forward mode.


Filtering

And finally, the last function of the switch is filtering. Mainly, this function states that a Switch will never forward a frame back out the same port which received the frame.

Most commonly, this happens when a Switch needs to flood a frame — the frame will get duplicated and sent out every switchport except the switchport which received the frame.

Rarely, a host will send a frame with a destination MAC address of itself. This is usually a host experiencing some sort of error condition or being malicious. Either way, when this happens, the Switch simply discards the frame.


Switch Operation

Now that we’ve looked at each of the individual functions of a Switch, we can look at them in action. The animation below includes a Switch going through all four functions as it processes traffic.

Ordinarily, the hosts in the animation below would need to perform an ARP resolution, but for the sake of focusing on the Switch’s operation, we will omit ARP and proceed as if all the hosts already knew each other’s IP and MAC addresses.

Host to Host through a Switch - Switch Functions animation

Host A has “something” to send to Host B. The contents of the “something” are entirely irrelevant, so long as it’s understood that the frame has an L2 header which includes a Source and Destination MAC address.

Initially, the MAC Address Table of the Switch is empty. Remember, it only gets populated when a frame is received.

When Host A sends the frame to the switch, it includes a Source MAC address of aaaa.aaaa.aaaa. This prompts the Switch to learn a MAC Address Table entry mapping Port 1 to MAC Address aaaa.aaaa.aaaa.

Then, when deciding how to forward the frame, the Switch realizes there is no entry for bbbb.bbbb.bbbb. This leaves the Switch only one option: duplicate and flood the frame out all ports. Notice the frame was duplicated out all ports, except Port 1 (the port it came in on) – this is an example of the Switch performing its filtering function.

This frame will then be received by Host C and Host B. Host C, when inspecting the L2 header, will realize the frame is not intended for it and will simply discard it. Conversely, when Host B receives the frame and realizes it is indeed the intended recipient, it will accept the frame and generate a response.

When the response arrives on the Switch, another MAC Address Table mapping can be learned: Port 2 contains the MAC address bbbb.bbbb.bbbb.

Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.

The animation above illustrates the four switch functions on a single switch. To see how the process scales to multiple switches, check out this article.



There is often some confusion about the relationship between a Broadcast and a Switch’s flooding behavior. The confusion is understandable, because the end result is the same, but it is also important to understand the distinction.

A Broadcast frame is a frame which is addressed to everyone on the local network. This is done using the same Ethernet header we’ve been discussing, except the Destination MAC address field is populated with a special address: ffff.ffff.ffff. The “all F’s” address is specially reserved for the purpose of broadcasting.

By definition, if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame (after learning the Source MAC, of course).

Another way of looking at it is that, since the address ffff.ffff.ffff is reserved, the switch is unable to learn a MAC Address Table mapping for it. As such, any frame destined to this MAC address will always be flooded.

In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).
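The four functions from the walk-through and the broadcast rule above, combined into a small simulation. This is an added example, not code from the original article; Host C's port (Port 3) and MAC address (cccc.cccc.cccc) are assumptions, since the article only places Host A on Port 1 and Host B on Port 2.

```python
# Added example: a minimal learning switch. Class and function names are illustrative.
BROADCAST = "ffff.ffff.ffff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> switchport it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return (action, list of egress ports)."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")

        # Learning: always driven by the Source MAC and the ingress port,
        # and always done before the forwarding decision.
        # The reserved broadcast address is never learned.
        if src_mac != BROADCAST:
            self.mac_table[src_mac] = in_port

        # A broadcast destination can never have a table entry.
        out_port = None if dst_mac == BROADCAST else self.mac_table.get(dst_mac)

        if out_port is None:
            # Flooding (unknown unicast or broadcast), with filtering applied:
            # every port except the one the frame arrived on.
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Filtering: never send a frame back out its ingress port,
            # e.g. a host sending a frame addressed to itself.
            return "filter", []
        # Forwarding: the destination's location is known.
        return "forward", [out_port]


def run_walkthrough():
    """Replay the article's animation, then a broadcast and a self-addressed frame."""
    a, b = "aaaa.aaaa.aaaa", "bbbb.bbbb.bbbb"
    c = "cccc.cccc.cccc"  # assumed MAC for Host C (not given in the article)
    switch = LearningSwitch(ports=[1, 2, 3])  # Port 3 for Host C is assumed
    frames = [
        (1, a, b),          # A -> B with an empty table: learn A, flood
        (2, b, a),          # B's response: learn B, forward out Port 1
        (1, a, b),          # A -> B again: B is now known, forward out Port 2
        (3, c, BROADCAST),  # broadcast from C: learn C, always flood
        (1, a, a),          # frame addressed to its own sender: discarded
    ]
    log = [switch.receive(port, src, dst) for port, src, dst in frames]
    return log, switch.mac_table


if __name__ == "__main__":
    log, table = run_walkthrough()
    for action, ports in log:
        print(f"{action:8} -> ports {ports}")
    print(table)
```

Note that the flooded copy of the first frame still carries bbbb.bbbb.bbbb as its Destination MAC; flooding changes where the frame is sent, not what it contains.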

This article intentionally omits the Address Resolution Protocol (ARP) in order to focus purely on the actions of a Switch. ARP is a function of the client, and will never be performed by the switch itself. It is assumed that the clients in the animation above already know each other’s MAC address. To learn more about ARP, check out this video.



To some extent I was interested to know more about what will happen when the switch receives a frame addressed to a new host that is not in the MAC address table?

Can I get a deep explanation about this (To some extent I was interested to know more about what will happen when the switch receives a frame addressed to a new host that is not in the MAC address table?)

Thank you, sir.

This comment is for the line… “Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.”

I am confused now. You brought up the example of Host A sending data to Host B. The switch does not know Host B’s MAC address. So the switch duplicates the frame and broadcasts it out. Every other host drops it except for Host B. Host B sends the frame back to the switch. The switch populates its MAC Address Table.

When does Host B receive the data? From your statement, Host B sends a response to the Switch with the Destination to Host A. Switch sends data to Host A.

How does the switch send data when Host A is sending to Host B after getting the response from Host B from an empty MAC Address Table?

Thanks Ed. After I posted my comment, I continued to watch the YouTube video that you made. That video made me think clearly.

When Host A does not know the MAC address, it sends an ARP saying “what is the MAC address to this IP”. After the response from Host B… “Hi, I’m that IP and this is my MAC” …gets back to Host A, Host A updates its ARP table. Now Host A can build the frame of Source MAC and Destination MAC and send the data off.

Without the complete L2 header, data can never be sent within a network or another network. That’s my interpretation. Data can never travel when L2 is not completed.


I have one question. A has already sent out an ARP request broadcast to the whole LAN to ask for host B’s MAC address. When host B sends a unicast ARP back to host A, the switch should learn the source MAC from B by then, correct? So technically the switch’s MAC table should be filled by hosts sending and receiving the ARP request/reply, correct? How come the switch still doesn’t know the MAC address of host B?


I also wanted to know the process when Host A does not have the Destination MAC because it rebooted. However, the switch does have the Destination of where Host A wants to send.

For example, Host A sends data to Host B. Host A looks at its ARP table, discovers that it doesn’t have Host B. Host A sends a Broadcast. How does the Switch handle the Broadcast when the switch does have Host B MAC?

Just for more confusion on my side, what does the switch do when it doesn’t have Host B’s MAC as well? Does the switch duplicate the frame from Host A and FLOOD?

If the switch in between has been switched off and on??? Then what will happen to the packets forwarded from HOST A ???

Thank you so much. I swear that you made the subject matter in this series so friendly to understand that even a cave man will learn.

Thank you again Ed. Please write more topics when you have time of anything IT.

Thanks for the series. I wish to know how the packet flows between two switches, with one host (in one switch) and another host (in another switch).

Can you please explain this for me.

Very nice & clear clarification. Nevertheless you need to have more drawings and videos, probably…

Thank you for this, Ed. I teach networking here at the University and as much as I hate to admit it, you do a better job than I do. So… would think I would learn how to teach it better, but I am going to send them to your site instead! ;-D Then they get it two ways instead of one…..much better. Thank you again.

Hi Ed,

Thanks for the wonderful article along with the video. Let us know if you have examples like this for the DHCP & PPPoE protocols.


I want to receive the frame from port C of a switch when port A sends the frame to port B on the same switch. HOW?


Could you kindly elaborate on this statement?

“But a switch will never broadcast a frame (since broadcasting is not a function of a switch).”


Great article. I was wondering how does the host or any device in the same network know the location of the switch? The destination IP address and MAC address is either of the router or of another host (given it’s in the same network).

Can you please elaborate on the difference between ARP broadcast and switch flooding? I mean, if host A knows destination host B’s MAC address but the MAC table in the switch does not know about host B’s MAC address, then what will the switch do…

Then the switch will never flood, because before that, whenever any host tries to send data to any other host, it will broadcast ARP and from that the switch will learn the source MAC and its port no. And from the ARP response it will learn the destination MAC with its port no. Can you please give any example where the switch will flood, because according to your above notes I think the switch will always learn the MAC with port no. from the ARP broadcast and unicast response.

Hey Eddie,
I read this article and was impressed with the level of detail. I took a few of your classes at the Rack! Awesome 🙂 Thanks for this.


Hi Ed,
Good article. I have some questions and I can’t find answers for them. We have one network, with 3 hosts and a switch and a router. All hosts know the MAC and IP of all hosts and the switch knows which port each host is on.
1) What happens if host 1 sends data to host2 and someone had unplugged host2 and plugged it into another port?
2) What happens if host 1 sends data to host2 and someone has changed the IP addr of host2 to the IP addr of host3 (and the IP addr of host3 to the IP addr of host2)?
3) What happens if host 1 sends data to host2 and someone has changed the MAC addr of host2 to the MAC addr of host3 (and the MAC addr of host3 to the MAC addr of host2)?
Thank you

Hi Ed,

Thanks for your answer and the time you spend writing it.

1) If host 1 sends data to host2 and someone had unplugged host2 and plugged it into another port
This is tricky because the switch populates the MAC address table only when the switch receives a frame. And here host2 is not sending frames. host1 continues to send data to host2 and host2 is just receiving frames from host1, and someone has disconnected host2 by accident and connected it to another port without knowing. So for the switch, it sees something coming from host1 (from the good port), but the switch will try to send it to the original port of host2, which has no host connected on it, so host2 will never receive it, until host2 sends a frame and the switch updates its MAC table.
This is my understanding but I need a network teacher or network engineer to validate this

for 2) I will read your topic about gratuitous ARP

3) Here again we have the same issue, because the switch populates the MAC address table only when the switch receives a frame. So I think the switch will continue to send data to host2 until host2 sends data to the switch, then the switch will update its MAC table. But at this point there will be an issue, because if host3 does not send data, the switch will never update its entry and will never know that it has the MAC addr of host2, so data will be dropped.
Here again this is my understanding but I need a network teacher or network engineer to validate this

Hi! Great article and animations!
One thing puzzles me: Since Host A needs to know MAC address of Host B before sending actual data, an ARP request and response will take place, during which the switch will learn and store the MAC addresses of Host A and Host B. So, how can it be that in your example when Host A sends the actual data, the switch doesn’t already know the MAC addresses of Host A and Host B?

OK, I understand now. I’ve read 2 books about networking and your tutorial was the only thing that made everything so simple and clear. You are very gifted at what you’re doing and your animations are superb. I’m looking forward to a tutorial about VPN. Thank you very much!

In the data link layer we have a frame for communication that has two fields for MACs. We have client A with source MAC aaaa.aaaa.aaaa destined to client B with MAC address bbbb.bbbb.bbbb, on a switch with a cleared MAC table. When the frame from aaaa.aaaa.aaaa is received by the switch and it is not known where bbbb.bbbb.bbbb is, the switch then wants to flood the frame to all ports (except the port that received it) for learning bbbb.bbbb.bbbb.
My question is: which destination MAC address is in the destination MAC address field in the frame? Does the switch flood the frame with bbbb.bbbb.bbbb in the destination MAC address field or with ffff.ffff.ffff?

I’m confused because bbbb.bbbb.bbbb is not a broadcast address, and where would ffff.ffff.ffff sit in the frame? (Because we have aaaa.aaaa.aaaa as source MAC and bbbb.bbbb.bbbb as destination MAC in the frame.)

“if the Switch ever encounters a packet with a destination MAC of ffff.ffff.ffff, it will always flood the frame”

In case the MAC and IP address of host C are known, will it still flood the frame to the port where host C is connected?

Thanks for the clarification Ed.


Very good information here on this page, highly appreciated.

But I have a beginner question.

Something that is not clear to me yet is: how does the source computer A know the MAC address of the destination computer B?

We know computers A and B never communicated before?

Could someone help with this ?

Thank you.

Hi Ed Harmoush

Yes, I have gone through the video and another part of this series which explains the ARP request by Host A.

Thank you again for the article, it’s really helping me out. And I hope to see more detailed and deep articles on networking just like this again.

Much appreciated ^^

Thank you

Hello Mr.Ed,

Thank you for this tutorial.

I have a question. Let’s suppose we only have host A and host B, not host C. And there is a router in the example. Like this:

Since in point-to-point connections we do not use ARP requests, how does host A find out the router’s interface MAC address, host B’s MAC address, etc.? Thank you again.

I see. I get it now.

Thank you very much again.

Hi sir, I have a question. Suppose a packet is sent from host A, which is in LAN 1, to host B, which is in LAN 10. The packet travels via an intermediate node or switch or router… While travelling from LAN 1 to LAN 10, packets can be lost/discarded due to various reasons. At that moment, how is re-transmission of the packet done?

Hello Ed,

I have the most “beginnery” question for you. I understand all of the concepts in this article and through various studies but one fundamental aspect to networking irks me and I feel prevents me from moving forward!

The “scenario” or the “why” of a host needing to reach another host (for example in just a LAN topology) I fail to understand. Why would host 1 need to send “anything” to host 2? In other words, what is being sent? Other than a host needing to reach a printer, I don’t understand why PC1 would need to somehow send something directly to PC2. I guess just an example of the “what” is being sent would clear it up for me. Does my question make sense?

Thanks in advance!

We wanna send a frame from host A to host B, where host A is connected to Switch 1 and host B is connected to Switch 2.
Can you explain this procedure please?

In a LAN with a link-layer switch, Host 1 wants to send a message to Host 3. Since communication is through the link-layer switch, does the switch need to have an address? Explain

Hey Ed,

Thanks for the great article. Let me get to my question straight away.

What is the difference between the following and what are the typical use cases for the same?

1. L2 Broadcast – DMAC (All Fs)
2. L3 Broadcast – DIP (
3. Directed Broadcast – DIP (say, /24)

Can you please clarify this for me and others?

Great articles! Can you clarify when Flooding is used versus when a Broadcast is used? How does a host know when to send an ARP request versus rely on the Switch to Flood the ports for the info?

Hi ED,

I just started to follow your wonderful series and I really like them.
I have a qq:..?
How is the MAC table built in case of a Port-channel..?
Do we use Switching going out of our network (edge router) , I’m sure we do not because if we do.. there wouldn’t be a MAC Table that can be used on the internet..!! for two reasons:
1. Security
2. unreasonably huge size of MAC table.. lol.. 🙂

Thanks for these series of articles, they’re easy-to-follow and very informative for a person just getting into this!

Suppose Host A belongs to VLAN 10 and Host B belongs to VLAN 20. Host A and Host B are connected via a Switch and the Switch is connected to a Router. In this case, if Host A tries to send data to Host B, how is the MAC learnt, and how will the packet flow be?
Kindly clarify.

In the above network diagram, IP and MAC addresses are given for network nodes. Suppose Host1 (Shahid) sends a datagram to Host2 (Khalid). What IP and MAC addresses (source and destination) will be written in IP and Data link layer headers respectively, for the following intermediate points from Host1 to Host2?
a) Host1 to Router1
b) Router1 to Router2
c) Router2 to Host2

This last sentence really confused me:
“In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).”

After some extra research on other sites I draw the conclusion that a Broadcast originates from a Host, not a Switch??

If I’m right about this, I think this article would be even better if this fact was super clear in the text.
Why/When does a host send a Broadcast?

Hi Sir,
Thank you very much for your wonderful explanations.

I want to know how a frame/packet will travel from one host to another host across a network of switches and routers.
1. How are frames handled when connected to a network having multiple switches?
2. How are frames handled between switches and routers?
3. How are packets forwarded in switches? (Do they require an L2 header to be added containing the next router’s MAC address, or do routers not require any L2 headers when communicating with each other?)

I would request that you upload some videos on how routers handle traffic.


How do 2 hosts communicate with each other with only a single switch in between? The MAC addresses of both hosts are given but the IP address is not mentioned.

This is a wonderful post. Thank you, dear Sir.

Assume that the ARP tables of both devices (laptop and Raspberry) and the MAC address table of the switch are initially empty. Your laptop will now send 3 ping requests to the IP address of the Raspberries. Describe step by step,
which messages are sent from which host and where and when the information in the various tables is updated

Thank you Ed for your brilliant in-depth illumination of ARP process.

Just one thing, I wish to clarify : The switch has the job to do flooding for the broadcast frame, rather than to initiate the broadcast frame. Whereas the Host has the job to initiate the broadcast frame.

Now, after the ARP request got initiated, the host then placed the ARP request onto the connected wire(s), allowing its ethernet LINK to take care of the actual delivery of the broadcast frames. This means the cable wire(s) will deliver the ARP request to all DIRECTLY CONNECTED neighbours. Hope my interpretation of your article was on the right track. Many thanks !

Flooding will never be done when A wants to send to B. As we can see in the animation, the destination MAC was filled with the MAC address of B. How did A know the MAC address of B? A learnt it during the ARP protocol. So when B was sending its MAC address as a response to the ARP done by A, it had to go through the switch, and then the switch would have learnt that the port on which B sits is 2. So there was no need for flooding to be done when A wants to send a message to B.