What is IGMP snooping?

The Internet Group Management Protocol (IGMP) is used to set up multicasting groups. IGMP snooping allows network switches to be aware of these groups and forward network traffic accordingly.

Learning Objectives

After reading this article you will be able to:

  • Define 'IGMP snooping'
  • Understand why IGMP snooping is necessary
  • Learn how IGMP snooping conserves bandwidth

Copy article link

What is IGMP snooping?

IGMP snooping is a method that network switches use to identify multicast groups, which are groups of computers or devices that all receive the same network traffic. It enables switches to forward packets to the correct devices in their network.

The Internet Group Management Protocol (IGMP) is a network layer protocol that allows several devices to share one IP address so they can all receive the same data. Networked devices use IGMP to join and leave multicasting groups, and each multicasting group shares an IP address.

However, most network switches cannot see which devices have joined multicasting groups, since they do not process network layer protocols. IGMP snooping is a way around this: it allows switches to "snoop" on IGMP messages, even though they technically belong to a different layer of the OSI model. IGMP snooping is not a feature of the IGMP protocol, but is rather an adaptation built into some network switches.

What is a network switch?

A network switch connects devices within a network and forwards data packets to and from those devices (also known as "hosts"). Unlike a router, a switch does not forward packets between networks; it only forwards packets within a network.

What is the network layer? What is the data link layer?

The processes that make the Internet work are divided into different layers. The OSI model is one standard way to define the different networking layers. The OSI model contains 7 layers. The data link layer and the network layer are layers 2 and 3, respectively.


Networking protocols and equipment are partially defined by which layer they belong to. The functions of networking equipment are limited by the layers that the equipment can interact with. A layer 2 switch does not process layer 3 protocols.

IGMP snooping circumvents this limitation. Layer 2 switches observe layer 3 IGMP traffic, and use this visibility to create a table that tracks multicast groups.

What are the benefits of IGMP snooping?

Prevents traffic floods: If a switch is unaware of which devices belong to multicast groups, it will simply forward all multicast traffic it receives. The result is that devices on the network receive far more traffic than they need to. They have to dedicate computing power to processing these unwanted packets, slowing down normal functions or stopping them altogether.

If a network does not enable IGMP snooping, attackers could exploit this fact in a denial-of-service (DoS) attack. By sending unnecessary multicast traffic that the network switches then forward across the network, an attacker can tie up network bandwidth and processing power. (Learn more about layer 3 DDoS attacks.)

Makes networks faster: The more traffic that travels across a network, the less bandwidth the network has. IGMP snooping conserves bandwidth by cutting down on the amount of traffic that switches forward. This leaves more bandwidth available, making the network faster.

Does IGMP snooping work with IPv6 networks?

IGMP is the protocol for multicasting for IPv4, the fourth version of the Internet Protocol. IPv6 relies on Multicast Listener Discovery (MLD) for multicasting. IPv6 networks use MLD snooping rather than IGMP snooping.