Why Two Types of Broadcast IP Exist and How They Differ in Practice
This article explains the two kinds of broadcast IP addresses—local broadcast (255.255.255.255) and directed broadcast (e.g., 10.1.1.255)—detailing their Layer‑2 and Layer‑3 behaviors, packet structures, Wireshark analysis, security implications, and how they are used in real networks.
There are two types of broadcast IP addresses: a local broadcast address and a directed broadcast address. While both provide similar functionality in most modern networks, the directed broadcast adds the ability to reach all hosts in an external subnet.
Layer 2 Broadcast
Layer 2 broadcast uses the destination MAC address FF:FF:FF:FF:FF:FF (also written as FFFF.FFFF.FFFF or ff-ff-ff-ff-ff-ff). Any node can set this MAC address in an Ethernet frame to send the frame to every device on the local LAN. Switches flood frames with this MAC out all ports except the one on which the frame was received.
Layer 3 Broadcast
Layer 3 broadcast is achieved by setting a special IP address as the destination. Two options exist: the local broadcast address and the directed broadcast address (sometimes called targeted broadcast).
Local Broadcast
The local broadcast IP address is 255.255.255.255. A host can use this address to send a packet to every node in its own subnet, including the router.
Host1# ping 255.255.255.255
PING 255.255.255.255 (255.255.255.255): 56 data bytes
64 bytes from 10.1.1.11: icmp_seq=0 ttl=64 time=0.044 ms
64 bytes from 10.1.1.33: icmp_seq=0 ttl=64 time=0.944 ms (DUP!)
64 bytes from 10.1.1.22: icmp_seq=0 ttl=64 time=1.108 ms (DUP!)
64 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.324 ms (DUP!)
--- 255.255.255.255 ping statistics ---
1 packets transmitted, 1 packets received, 3 duplicates, 0% packet loss
rtt min/avg/max = 0.044/0.855/1.324 msIn the capture, the packet’s destination IP is 255.255.255.255 and the destination MAC is ff:ff:ff:ff:ff:ff, making it both an L2 and L3 broadcast.
Directed Broadcast
A directed broadcast address targets all hosts in a specific subnet. For example, in the subnet 10.1.1.0/24, the directed broadcast address is 10.1.1.255. Hosts can ping this address to reach every device in that subnet.
Host1# ping 10.1.1.255
PING 10.1.1.255 (10.1.1.255): 56 data bytes
64 bytes from 10.1.1.11: icmp_seq=0 ttl=64 time=0.046 ms
64 bytes from 10.1.1.33: icmp_seq=0 ttl=64 time=0.615 ms (DUP!)
64 bytes from 10.1.1.22: icmp_seq=0 ttl=64 time=0.835 ms (DUP!)
64 bytes from 10.1.1.1: icmp_seq=0 ttl=255 time=1.261 ms (DUP!)
--- 10.1.1.255 ping statistics ---
1 packets transmitted, 1 packets received, 3 duplicates, 0% packet loss
rtt min/avg/max = 0.046/0.689/1.261 msWireshark may not label this packet as a broadcast unless it knows the subnet mask, which explains why the same address can be interpreted as a host address in a different mask (e.g., /22).
Directed Broadcast to an External Network
Each IP network has its own broadcast address. A host can use the broadcast address of a remote subnet to reach all hosts there. In the example, Host 1 sends a ping to 10.3.3.127, the broadcast address of the 10.3.3.0/25 network, and receives replies from four devices (router R3 and three hosts).
Host1# ping 10.3.3.127
PING 10.3.3.127 (10.3.3.127): 56 data bytes
64 bytes from 10.2.3.3: icmp_seq=0 ttl=253 time=1.171 ms
64 bytes from 10.3.3.66: icmp_seq=0 ttl=61 time=3.683 ms (DUP!)
64 bytes from 10.3.3.55: icmp_seq=0 ttl=61 time=7.340 ms (DUP!)
64 bytes from 10.3.3.44: icmp_seq=0 ttl=61 time=9.838 ms (DUP!)
--- 10.3.3.127 ping statistics ---
1 packets transmitted, 1 packets received, 3 duplicates, 0% packet loss
rtt min/avg/max = 1.171/5.508/9.838 msAlthough Host 1 treats the address as a regular IP, routers along the path recognize it as a directed broadcast and convert the unicast packet into a broadcast, causing the packet to be delivered to every node in the target subnet.
Security Considerations
Sending packets to every host on an external network is a security risk. Directed broadcast was created when the Internet was more trusted, but modern operating systems and routers often disable it by default. To enable it, the Cisco router must have the ip directed-broadcast command, and a Linux host must set /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts to 0.
Summary
The article covered Layer 2 and Layer 3 broadcast concepts, clarified the differences between local broadcast ( 255.255.255.255) and directed broadcast (e.g., 10.1.1.255), demonstrated packet captures for both, and highlighted the security implications of using directed broadcasts.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.