From owner-freebsd-hackers@FreeBSD.ORG Fri Sep 9 20:44:57 2005 Return-Path: X-Original-To: hackers@freebsd.org Delivered-To: freebsd-hackers@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 120B816A41F for ; Fri, 9 Sep 2005 20:44:57 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from mail10.syd.optusnet.com.au (mail10.syd.optusnet.com.au [211.29.132.191]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4367143D53 for ; Fri, 9 Sep 2005 20:44:56 +0000 (GMT) (envelope-from peterjeremy@optushome.com.au) Received: from server.vk2pj.dyndns.org (c220-239-19-236.belrs4.nsw.optusnet.com.au [220.239.19.236]) by mail10.syd.optusnet.com.au (8.12.11/8.12.11) with ESMTP id j89KirDb001183 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Sat, 10 Sep 2005 06:44:54 +1000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.13.4/8.13.4) with ESMTP id j89Kir95089614; Sat, 10 Sep 2005 06:44:53 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.13.4/8.13.1/Submit) id j89Kirrn089613; Sat, 10 Sep 2005 06:44:53 +1000 (EST) (envelope-from peter) Date: Sat, 10 Sep 2005 06:44:53 +1000 From: Peter Jeremy To: "Ryan P. Sommers" Message-ID: <20050909204453.GA89302@server.vk2pj.dyndns.org> References: <20050909181841.GB22781@odin.ac.hmc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.1i Cc: hackers@freebsd.org Subject: Re: "Smart" Hubs X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Sep 2005 20:44:57 -0000 On Fri, Sep 09, 2005 at 02:44:56PM -0400, Daniel Eischen wrote: >On Fri, 9 Sep 2005, Brooks Davis wrote: >> > On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote: >> > > Hub in question is a linksys NH1005 v2. >> > > >> > > PS If anyone knows of a hub that's "easy" to find and still is an actuall >> > > good 'ol hub, let me know. ... >> Alternativly, if you can get your hands on a second ethernet port for >> your sniffer box, make a passive tap: > >I came in kinda late to this thread, but if you're trying to find >a hub/switch in order to sniff network traffic, then you can always >go for a switch that let's you monitor traffic on other ports. >I know the Cisco's will let you do this, but I'd be suprised if >you couldn't find it on some other cheaper switches. I think most managed switches let you do this. The keyword being "managed" and a managed switch is always going to be far more expensive than a hub. This is mostly useful if you already have the infrastructure in place and just want to look at one of the systems attached to the switch. Note that both hubs and port cloning imply bandwidth limitations: All the traffic to and from the target system has to be transmited to your sniffer on a single link. This limits you to half-duplex speed. Depending on your requirements, this may or may not be a problem. If it is, you are going to be very careful about specifying and configuring your sniffer box to make sure it can actually handle the traffic load. Overall, I also recommend using dual NICs to create a passive tap. -- Peter Jeremy