[Snort-users] Is it really a HUB?

kenw at ...10492... kenw at ...10492...
Fri Nov 28 12:19:05 EST 2003


On Fri, 28 Nov 2003 14:06:01 -0500, you wrote:

>At 11:31 PM 11/27/2003, kenw at ...10492... wrote:
>> >The problem is that the actual implementation may have more switching
>> >behavior than advertized.. all they've guaranteed is that the 10/100
>> >segments are bridged.. but that doesn't mean that the 100mbit ports can't
>> >be fully switched with respect to each other too.
>>
>>According to Cisco's literature, these hubs provide "100-Mbps peak
>>aggregate throughput".  That implies no switching on the 100Mbps side.
>
>
>True, although they are free to give you more than advertised. Implications 
>are not specifications.
>
>I've encountered at least one dual-speed hub, a netgear model, that behaved 
>more like a switch than a hub between 100mbit ports. (I tried to hook a 
>100mbit/sec sniffer in between two 100mbit devices and saw nothing). The 
>big difference is that it only supported half duplex, unlike most switches.

Interesting.  I personally use a NetGear DS104 dual-speed hub, specially
purchased for such work.  I've never seen that behavior.  I do, though,
have to watch the port speed lights carefully, and hard-set the NIC
interface speed at times.

Vendor marketing types seem to see little harm in playing their usual games
with terminology.  They're usually right, unfortunately.

>Basically all I was stating was that it *might* behave like a switch or a 
>hub.. Despite the Cisco literature, I still see nothing in there that 
>solidly ensures hub-like behaviors between 100mbit ports. Thus, I still say 
>that either behavior is possible.
>
>It could act like a hub, or a switch, and neither behavior is guaranteed by 
>the spec.

True.  And it could even violate specs, for that matter (gee, that _never_
happens ;-/ ).

The Principle of Least Amazement (aka Occam's Razor) would suggest that an
auto-configuring sniffer NIC is the more likely culprit, and deserves close
inspection.  But I would pay dearly for the ability to generate a personal
No Wierd Sh*t Zone.

/kenw
Ken Wallewein CDP,CNE,MCSE,CCA,CCNA
K&M Systems Integration
Phone (403)274-7848
Fax   (403)275-4535
kenw at ...10492...
www.kmsi.net




More information about the Snort-users mailing list