Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, Jul 19, 2009 at 09:36:47AM +1000, Amos Shapira wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). I bought a few Dlink 10MB hubs from the US quite some time back for messing with network sniffing. Didn't reply earlier as I couldn't remember where they were, but I've found them tonight. :-) So you're welcome to one if you'd like Amos. Ping me off-list and we'll tee something up. Cheers, Gavin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
Hi Gavin, I'm supposed to be busy helping my wife move her pilateststudio this weekend but hope to find time to come over. How much would you like for it? I'm waiting for the hub (hopefully not a switch) to arrive to the office this Monday but if it turns out a dud then I'd like to have something else to try. My mobile is 0416 520 655. Thanks! --Amos 2009/7/24 Gavin Carr ga...@openfusion.com.au: On Sun, Jul 19, 2009 at 09:36:47AM +1000, Amos Shapira wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). I bought a few Dlink 10MB hubs from the US quite some time back for messing with network sniffing. Didn't reply earlier as I couldn't remember where they were, but I've found them tonight. :-) So you're welcome to one if you'd like Amos. Ping me off-list and we'll tee something up. Cheers, Gavin -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
Amos Shapira wrote: On Sun, Jul 19, 2009 at 09:36:47AM +1000, Amos Shapira wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink) Hi Amos, I might be a little late now... if you've progressed this far with the hub option you might as well go all the way now... However, you are doing this the hard way. You don't need an ethernet hub if you already know where the traffic is going. All you need to do is investigate the traffic on your office uplink. Its possible that the device you use for the uplink already might give you this info... but if it doesn't, you should replace the uplink device with a Linux PC and just sniff the traffic from there. Starting from scratch this should take about 2 hours to complete (assuming it takes an hour to install your favourite flavour of Linux and you're not using mesh VPNs or other complex configurations). Ideally you would configure the Linux PC to be the local gateway, and then reconfigure the existing uplink device to provide the link between the Linux PC and outside. If you want to really get your hands dirty, you could configure the Linux box with 2 interfaces as a bridge and simply insert it in between your switch and your office uplink. This would allow you to sniff the traffic without needing to change any IP configs on the existing network. (Ah, I see Rob Collins said something like this last week - you can make a trivial two port switch out of a linux machine with brtools). Cheers, Marty -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
2009/7/25 Marty Richards ma...@netwaynetworks.com.au: However, you are doing this the hard way. You don't need an ethernet hub if you already know where the traffic is going. All you need to do is investigate the traffic on your office uplink. Its possible that the device you use for the uplink already might give you this info... but if it We use SonicWall TZ 190. It gives very rought traffic per IP in is Logs screen but to get all the details we'll need to purchase something called SonicView and run it on Windows. doesn't, you should replace the uplink device with a Linux PC and just sniff the traffic from there. Starting from scratch this should take about 2 hours to complete (assuming it takes an hour to install your favourite flavour of Linux and you're not using mesh VPNs or other complex configurations). Ideally you would configure the Linux PC to be the local gateway, and then reconfigure the existing uplink device to provide the link between the Linux PC and outside. If you want to really get your hands dirty, you could configure the Linux box with 2 interfaces as a bridge and simply insert it in between your switch and your office uplink. This would allow you to sniff the traffic without needing to change any IP configs on the existing network. (Ah, I see Rob Collins said something like this last week - you can make a trivial two port switch out of a linux machine with brtools). That's exactly what we did - put a linux box with two network cards as a bridge between the SonicWall and the SHDSL modem and run ntop on it. It caused troubles due to hardware issues (network card) and later because the linux box had iptables filtering packets. They were resolved and that's how our network is served now but I feel that having our entire uplink depend on a desktop-level linux box I'm not sure its age a bit worrying. I think I'll feel more comfortable if I could let the uplink through a piece of hardware with no moving parts in it if you know what I mean, plus it's something we'll be able to slug around the network more easily, connect my laptop to it and have a listen. Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
Amos == Amos Shapira amos.shap...@gmail.com writes: Amos Hello, Amos I'm looking for an Ethernet hub to be used for network Amos troubleshooting (trying to find which of our hosts is involved Amos in the load on our office uplink). You probably need a switch with port mirroring. You can pick up HP Procurve 100Mb switches second hand pretty cheap on eBay. They have a lifetime warranty from HP, so are pretty safe to buy. Peter C -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
peter == peter pe...@chubb.wattle.id.au writes: Amos == Amos Shapira amos.shap...@gmail.com writes: Amos Hello, Amos I'm looking for an Ethernet hub to be used for network Amos troubleshooting (trying to find which of our hosts is involved Amos in the load on our office uplink). If you really want a hub, you're mostly stuck with 10Mb/s -- most 100Mb gear does 10/100 and switching. Even if it's *called* a hub. Peter C -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, Jul 19, 2009 at 09:36, Amos Shapiraamos.shap...@gmail.com wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). Would something like this be useful instead? http://www.enigmacurry.com/articles/building-an-ethernet-tap/ - Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
Amos, Of course if you purely want to find out the top talkers by IP, probably the industry-standard of way of doing is to in the longer term is to have your router send netflow stats to a collection server. Pretty much any business level router will do this. And if you have chosen a Linksys WRT type of router you run DD-WRT or OpenWRT on it and it will also have a netflow (or a clone, DD-WRT uses rflowd). Netflow stats can then be captured and processed with flow-tools (for scrit based processing) or Ntop which gives a more graphical way of viewing things. The custom WRT firmware can also run tcpdump which can be used for detailed analysis by Wireshark. So depending on your choice of routers you may not even need a hub or port-mirroring switch. Regards, Martin martinvisse...@gmail.com -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, July 19, 2009 7:55 pm, pe...@chubb.wattle.id.au wrote: Amos == Amos Shapira amos.shap...@gmail.com writes: lifetime warranty from HP, so are pretty safe to buy. lifetime=/life time what's a lifetime of such, as defined by HP? I used to have some SMC ISA NICs with lifetime warranty, when one failed, I've called SMC to have it replaced: 'that card is over 5 years old' 'the liftetime of that product is 5 years' -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
2009/7/19 Matt Hope matt.h...@gmail.com On Sun, Jul 19, 2009 at 09:36, Amos Shapiraamos.shap...@gmail.com wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). Would something like this be useful instead? http://www.enigmacurry.com/articles/building-an-ethernet-tap/ Yes very much. Now I have to find a way to build it since I don't have the resources (tools, time) to do it myself. Cheers, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, Jul 19, 2009, Amos Shapira wrote: 2009/7/19 Matt Hope matt.h...@gmail.com On Sun, Jul 19, 2009 at 09:36, Amos Shapiraamos.shap...@gmail.com wrote: I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). Would something like this be useful instead? http://www.enigmacurry.com/articles/building-an-ethernet-tap/ Yes very much. Now I have to find a way to build it since I don't have the resources (tools, time) to do it myself. Doesn't this break the relevant electrical specifications for ethernet over twisted pair? :) It may work, but ethernet certainly isn't intended to work this way. Who knows what the side effects will be. Adrian -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
Actually it is pretty straight forward - For as long as you own the product, - http://www.procurve.com/customercare/support/warranty Basically if it breaks due to defects in materials and workmanship, they'll fix it (as long as you didn't break it by the way it was operated or maintanedt). (Yes, I do work for HP, but I am not speaking on their behalf - read all the warranty conditions for yourself or in the presence of a lawyer ;-) ) Regards, Martin martinvisse...@gmail.com On Sun, Jul 19, 2009 at 10:46 PM, Voytek Eymont li...@sbt.net.au wrote: On Sun, July 19, 2009 7:55 pm, pe...@chubb.wattle.id.au wrote: Amos == Amos Shapira amos.shap...@gmail.com writes: lifetime warranty from HP, so are pretty safe to buy. lifetime=/life time what's a lifetime of such, as defined by HP? I used to have some SMC ISA NICs with lifetime warranty, when one failed, I've called SMC to have it replaced: 'that card is over 5 years old' 'the liftetime of that product is 5 years' -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, July 19, 2009 11:08 pm, Martin Visser wrote: Actually it is pretty straight forward - For as long as you own the product, - http://www.procurve.com/customercare/support/warranty Basically if it breaks due to defects in materials and workmanship, they'll fix it (as long as you didn't break it by the way it was operated or maintanedt). (Yes, I do work for HP, but I am not speaking on their behalf - read all the warranty conditions for yourself or in the presence of a lawyer ;-) Martin, that certainly sounds better than SMC's definition -- Voytek -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
2009/7/19 Martin Visser martinvisse...@gmail.com: Amos, Of course if you purely want to find out the top talkers by IP, probably the industry-standard of way of doing is to in the longer term is to have your router send netflow stats to a collection server. Pretty much any We have SonicWall TZ 190. So far I haven't found in its docs how to configure port mirroring or netflow. I'll try to catch their support today. Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, 2009-07-19 at 20:08 +1000, pe...@chubb.wattle.id.au wrote: Even if it's *called* a hub. The comms technical literature I have on the hardware generally calls all hubs hubs - after all that's what they are isn't it - as in the centre of a wagon-wheel? All hubs these days are switching hubs to which of course reduce the visibility of packets to third parties on the LAN. When you're in a hurry you say switch but it's still a hub. Kevin. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On 19/07/09 09:06, Amos Shapira wrote: Hello, I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). I hung on to a old 10Base-T hub for exactly this purpose, and as a wireshark capture from Linux less and less replicates what appears on the wire (due to network cards becoming smarter and smarter) it is worthwhile. You'd be luck to find a 100Mbps hub, there were simply too few made compared with 100Mbps switches. You can use a switch in monitor or span (a Cisco-ism) mode, and pretty much all enterprise class 100Base-TX switches have that feature. You may not want them for a home network, because they produce enterprise-class noise. If you are looking at this for security purposes, then note that there are well-known defeats for switch-based monitoring. The usual approach for that application is either a RJ-45 electrical tap or a 1000Base-LX optical splitter. The optical splitter having the advantage of being unpowered and misbehaviour of the monitoring interface being unable to pull down the monitored interface. So an optical tap is the usual choice for enterprise, but you're looking at 3 SFPs (say, $900-$3000), 2 taps ($400), and 2 SFP-carrying PC ethernet interfaces ($600), and various optical cables ($400). I strongly encourage our university customers to attach to AARNet via an optical tap, even if they don't currently have a monitoring machine attached. You can buy the RJ45 taps from various security suppliers. The best ones are powered with the two MII/GMII interfaces basically wired to each other. You might find the search terms calea and lawful interception useful. The wired one someone posted to this thread should work at 100Mbps, but will fail at GbE. The system relies upon the combined capacitance of the system being small, so use Cat6 and keep all cables short. It's too dodgy for enterprise use, as any component failure (perhaps even powering off one of the nodes) would pull down the monitored link. -- Glen Turner -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
I think you will find getting a hub pretty hard these days - no one builds them. Presumably you need one so that you can send a copy of traffic for something link Wireshark or Ntop to analyse. Your best bet these days is to find a small manageable switch that supports port mirroring. HP ProCurve have the 1700-8 which is 10/100 and supports mirroring of any number of the ports to one port. (Also supports VLANs as a bonus). The big advantage is that once you have set it up you can rearrange the ports you want mirrored as you need without having to rearrange patching like you would with a hub. Can be your for under $150 locally. (You will probably find that Linksys and Netgear both have similar low-end managable switches for around the same price range). Regards, Martin martinvisse...@gmail.com On Sun, Jul 19, 2009 at 9:36 AM, Amos Shapira amos.shap...@gmail.comwrote: Hello, I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). So far eBay came up with only one option in Australia (which is a modem, and therefore apparently there is more competition on it) and one in the US (which adds to shipping cost and time). Does anyone here knows where can I get an Ethernet hub in Australia, preferably where I can get it quick to Sydney area, and not so expensive? (it seems that current hub models are expensive security-related ones, not justifiable for my requirements). 100Mbit would be preferable, but maybe not essential if we connect it between the router/firewall and the SHDSL modem. Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] where to get an Ethernet hub (NOT a switch)
Hello, I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). So far eBay came up with only one option in Australia (which is a modem, and therefore apparently there is more competition on it) and one in the US (which adds to shipping cost and time). Does anyone here knows where can I get an Ethernet hub in Australia, preferably where I can get it quick to Sydney area, and not so expensive? (it seems that current hub models are expensive security-related ones, not justifiable for my requirements). 100Mbit would be preferable, but maybe not essential if we connect it between the router/firewall and the SHDSL modem. Thanks, --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] where to get an Ethernet hub (NOT a switch)
On Sun, 2009-07-19 at 09:36 +1000, Amos Shapira wrote: Hello, I'm looking for an Ethernet hub to be used for network troubleshooting (trying to find which of our hosts is involved in the load on our office uplink). If you want to do greedy packet capturing, I suggest using 'port mirroring', a feature found on many business model switches. Failing that, you can make a trivial two port switch out of a linux machine with brtools. -Rob signature.asc Description: This is a digitally signed message part -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
