Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 10 Sep 2005 06:44:53 +1000
From:      Peter Jeremy <peterjeremy@optushome.com.au>
To:        "Ryan P. Sommers" <ryans@rpsommers.com>
Cc:        hackers@freebsd.org
Subject:   Re: "Smart" Hubs
Message-ID:  <20050909204453.GA89302@server.vk2pj.dyndns.org>
In-Reply-To: <Pine.GSO.4.43.0509091440500.8605-100000@sea.ntplx.net>
References:  <20050909181841.GB22781@odin.ac.hmc.edu> <Pine.GSO.4.43.0509091440500.8605-100000@sea.ntplx.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 09, 2005 at 02:44:56PM -0400, Daniel Eischen wrote:
>On Fri, 9 Sep 2005, Brooks Davis wrote:
>> > On Fri, Sep 09, 2005 at 08:39:30AM -0600, Ryan P. Sommers wrote:
>> > > Hub in question is a linksys NH1005 v2.
>> > >
>> > > PS If anyone knows of a hub that's "easy" to find and still is an actuall
>> > > good 'ol hub, let me know.
...
>> Alternativly, if you can get your hands on a second ethernet port for
>> your sniffer box, make a passive tap:
>
>I came in kinda late to this thread, but if you're trying to find
>a hub/switch in order to sniff network traffic, then you can always
>go for a switch that let's you monitor traffic on other ports.
>I know the Cisco's will let you do this, but I'd be suprised if
>you couldn't find it on some other cheaper switches.

I think most managed switches let you do this.  The keyword being
"managed" and a managed switch is always going to be far more
expensive than a hub.  This is mostly useful if you already have
the infrastructure in place and just want to look at one of the
systems attached to the switch.

Note that both hubs and port cloning imply bandwidth limitations: All
the traffic to and from the target system has to be transmited to your
sniffer on a single link.  This limits you to half-duplex speed.

Depending on your requirements, this may or may not be a problem.  If
it is, you are going to be very careful about specifying and
configuring your sniffer box to make sure it can actually handle the
traffic load.

Overall, I also recommend using dual NICs to create a passive tap.

-- 
Peter Jeremy



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050909204453.GA89302>