What Is IGMP Snooping?

Internet Group Management Protocol (IGMP) snooping sounds like an invasion of privacy or a type of hacking attack, but it is actually an important feature in multimedia broadcasts. IGMP snooping aims to decrease broadband and memory usage, and helps a broadcast remain powerful by limiting the amount of receivers that see the broadcast. Without IGMP snooping, every computer connected to the computer making the broadcast would receive the video and audio, which could put tremendous pressure on the server. By exploiting this snooping technique, a hacker can cause a denial of service (DOS) attack.

When a computer or server makes a multimedia broadcast, without the use of IGMP snooping, the broadcast is sent to everyone connected to the host computer. This may be nothing for a small network but, for larger networks, this means a massive number of computers can link to the broadcast. When so many computers are listening to the stream, a huge amount of memory is needed to keep the audio and video going. This will lead to reduced quality, poor transmission and possibly even broadcast failure.

With IGMP snooping enabled, a switch is turned on so only certain receivers get the broadcast. The network administrator can set this, and the memory needs of the broadcast are greatly reduced. This is because the receivers and computers receiving the broadcast, rather than the broadcasting computer and its associated network, handle the memory needs.

If a host wants to join the stream, then the administrator will have to grant the host access. When added, the Internet protocol (IP) address of the network will be displayed, thus identifying the network. This identification helps because, in case the network attempts an attack or if something goes wrong with the network, the administrator can then refuse further access. If the host leaves, the IP address will be removed from the list until the administrator grants access again.

A hacker can exploit the IGMP snooping technique with a denial of service (DOS) attack. A DOS attack makes computer resources unavailable, meaning the network’s service can no longer be used. Flooding a network does this most often. With an IGMP exploit, the hacker will send countless connections to the stream, and the administrator would find it impossible to sort real requests from fake ones. If the snooping is set to allow any connection, then all of the network’s memory would be eaten up by the numerous requests.