Multicast snooping helps switches and internet routers to efficiently deliver multicast data streams to the desired destination(s). How valuable this support is becomes clear when a filtering method of multipoint transmission is missing: the incoming multicast packets are then sent to all hosts of the network that the switch or internet router reaches. In larger networks, especially, this approach ensures unnecessarily high traffic, which can even lead to network congestion. Criminals can take advantage of this and flood individual hosts or the entire network with multicast packets to bring them down, just like a classic DoS/DDoS attack.
With IGMP snooping enabled, overload problems and attacks like these won’t be cause for concern. All network hosts only receive multicast traffic for which they have previously registered via group request. The use of this eavesdropping technology is therefore worthwhile wherever applications are used that require a great deal of bandwidth. Examples include IPTV and other streaming services as well as web conference solutions. Networks in which there are only a few subscribers and hardly any multicast traffic, however, do not benefit from the filter procedure. Even if the switch or router offers the multicast snooping feature, it should remain off in this case to prevent unnecessary eavesdropping.