[Snort-users] Found true hub

Richard Bejtlich taosecurity at ...11827...
Fri Nov 19 12:55:02 EST 2004

John McCash wrote:

> Gullermo,
>        Ummm... from the writeup on that device on the CDW website:

>"Full connectivity among devices
>Each unit has a built-in self-learning bridge which provides the
> communications link between the 10 and 100Mbps network devices. The
> intelligent bridge automatically manages network traffic such that 100
> Mbps traffic does not unnecessarily crowd the 10Mbps network segment and
> 10Mbps traffic does not crowd the 100Mbps segment."

> Are you SURE that this isn't dropping some of the traffic that you're
> supposedly monitoring? It would not necessarily be obvious, especially
> over a slower link. I suppose that it's possible that this functionality
> only kicks in between 10 and 100 MB links, but the comment makes me
> suspicious nonetheless.
>                John

John and Gullermo,

Any device that is not a strict 10 Mbps or 100 Mbps device is not a
"true hub."  Any 10/100 Mbps device is a switch.

However, as I believe Bill originally posted, some 10/100 Mbps "hubs"
can act like "true hubs" when all connected devices are configured to
operate at the same speed -- either all at 10 Mbps or all at 100 Mbps.
 In my personal experience NetGear 10/100 Mbps hubs act as "true hubs"
but Linksys 10/100 Mbps "hubs" do not.

When researching chapter 3 for my book, I could not find any
small-scale strict 100 Mbps hubs.  [0]  Netgear does make 4 and 8 port
10 Mbps hubs.



[0] http://www.taosecurity.com/books.html

More information about the Snort-users mailing list