Network Sniffing and Hubs

Posted by Chris_K on Server Fault See other posts from Server Fault or by Chris_K
Published on 2011-02-27T14:59:27Z Indexed on 2011/02/27 15:26 UTC
Read the original article Hit count: 214

This will likely seem naive to the experts... but it has been on my mind lately.

For years I've been using ntop and a cheap 4 port hub to sniff client networks to determine who's doing what -- and how much. Great way to see what's going on when they call and say "Geeze, the network seems really slow today." No need to bring in a managed switch (or access the existing one) and no need to configure spanning or mirroring. I just drop in the hub inline where I want to measure.

Lately I noticed it is just about impossible to buy a real honest-to-goodness hub anymore. While looking for a new one, I had someone tell me that I should be sure to get a full-duplex hub or I'd only be seeing half the traffic when I monitor.

Really?

I've been using a crusty old Netgear DS104 all this time. No clue if it is half or FD. Have I really been understating my measurements? I'm just not bright enough about the physical layer to really know...

Side note: Just ordered a Dualcomm Ethernet Switch TAP as a hub replacement. Seems like a nifty gadget. Any notes or tips about it would be welcome in the comments :-)

© Server Fault or respective owner

Related posts about networking

Related posts about network-monitoring