[Snort-users] Looking for good hub

Rich Adamson radamson at ...2127...
Tue Sep 28 00:37:01 EDT 2004


> > >Can anybody suggest a good hub to sniff with?   I have found out the some
> > >of the "hubs" are just cheap switchs with very small arp cache.  I need a
> > >least 4 ports.  I had been using the one from HP but, they stopped making
> > >them.  BTW the linksys hubs are switchs.
> >
> > *ALL* 10/100 dual-speed hubs must have some switching behavior, no matter
> > who makes it.
> >
> > It's physically impossible to be dual speed and not switch. If you think
> > about passively repeating all traffic from a 100mbit segment into a
> 10-mbit
> > segment.. You'll be speed limited by the 10mbit segment, thus you'll be
> > relegated to being a 10mbit hub not a dual speed.
> >
> > Some dual-speed hubs behave like a 10mbit hub and a 100mbit hub connected
> > by a two-port switch. Thus, if all ports are the same rate, it's a hub.
> > However, these are not common anymore. It's much more common nowdays for
> > "dual speed hubs" to be switches that don't support full-duplex and have
> small
> >
> > If you want a pure passive hub, you're going to have to get a single-speed
> > one, and these are becoming more and more rare. I keep an eye on
> > liquidators like www.compgeeks.com. A while back they had a batch of old
> > 3com 100mbit pure-passive single-speed hubs in and I got one for about
> $15.
> > I also got a 10mbit hub at the same time.
> >
> > Although more costly, it's getting to the point where it's much easier to
> > find a low-end 10/100 managed switch that has SPAN capabilities, such as
> > the Cisco catalyst 2950 12pt (about $500 ) .
> 
> I just got my hands on a Entrasys (Cabletron) ELS100-TXM 24 port 10/100
> switch with 802.1q and port mirror
> capability for the whopping sum of $85.00 US (inc. fed ex ground shipping),
> and it will sniff all the traffic ya
> want, along with VLANS, CoS, QoS, Trunking, etc...

There's a reason why that specifc model is selling for that price. Its
got some serious issues with the software that Entrasys has never addressed
(and never will). I wouldn't install that switch in a production network 
even if it was free. Home use, maybe.







More information about the Snort-users mailing list