[Snort-users] Is it really a HUB?

Matt Kettler mkettler at ...4108...
Wed Nov 26 10:48:07 EST 2003


At 12:57 PM 11/26/2003, Petriz, Pablo wrote:
>- Built-in high-speed bridge function automatically connects 10BaseT and
>100BaseT workstations without an external switch or router.
>- Embedded switch supports store-and-forward switching and filtering and
>forwarding rate at full-wire speed.
>
>So I don't know if snort will see all the traffic on it...

No, it won't...

auto-bridging means that (at least) the transition between 10mbit and 
100mbit is switched.

It is in fact IMPOSSIBLE to have a dual-speed hub which is a pure hub when 
presented with mixed traffic speeds.. no.. really.. it's actually 
impossible. If you tried, every port would have to throttle down to 10mbit 
and you'd have a 10mbit hub.

Based on the description, which may differ from reality, all the 100mbit 
ports might see each other's traffic, and all the 10mbit ports might see 
each other's traffic, but they will definitely not see traffic from ports 
of different speeds.

The problem is that the actual implementation may have more switching 
behavior than advertised.. all they've guaranteed is that the 10/100 
segments are bridged.. but that doesn't mean that the 100mbit ports can't 
be fully switched with respect to each other too.










