
Re: [Snort-users] Looking for good hub

Subject: Re: [Snort-users] Looking for good hub
Date: Tue, 28 Sep 2004 02:28:47 -0600
Can anybody suggest a good hub to sniff with?   I have found out that some
of the "hubs" are just cheap switches with a very small arp cache.  I need at
least 4 ports.  I had been using the one from HP but they stopped making
them.  BTW the Linksys hubs are switches.

*ALL* 10/100 dual-speed hubs must have some switching behavior, no matter
who makes it.

It's physically impossible to be dual speed and not switch. If you think
about passively repeating all traffic from a 100mbit segment into a
10-mbit segment, you'll be speed limited by the 10mbit segment, thus you'll
be relegated to being a 10mbit hub, not a dual speed.

Some dual-speed hubs behave like a 10mbit hub and a 100mbit hub connected
by a two-port switch. Thus, if all ports are the same rate, it's a hub.
However, these are not common anymore. It's much more common nowadays for
"dual speed hubs" to be switches that don't support full-duplex and have
small

If you want a pure passive hub, you're going to have to get a single-speed
one, and these are becoming more and more rare. I keep an eye on
liquidators like www.compgeeks.com. A while back they had a batch of old
3com 100mbit pure-passive single-speed hubs in and I got one for about
$15. I also got a 10mbit hub at the same time.

Although more costly, it's getting to the point where it's much easier to
find a low-end 10/100 managed switch that has SPAN capabilities, such as
the Cisco Catalyst 2950 12pt (about $500).

I just got my hands on an Enterasys (Cabletron) ELS100-TXM 24 port 10/100
switch with 802.1q and port mirror capability for the whopping sum of
$85.00 US (inc. FedEx ground shipping), and it will sniff all the traffic
ya want, along with VLANs, CoS, QoS, Trunking, etc...

There's a reason why that specific model is selling for that price. It's
got some serious issues with the software that Enterasys has never addressed
(and never will). I wouldn't install that switch in a production network
even if it was free. Home use, maybe.




