On 19/07/09 09:06, Amos Shapira wrote:
> Hello,
>
> I'm looking for an Ethernet hub to be used for network troubleshooting
> (trying to find which of our hosts is involved in the load on our
> office uplink).

I hung on to an old 10Base-T hub for exactly this purpose, and as a
wireshark capture from Linux less and less replicates what appears
on the wire (due to network cards becoming smarter and smarter) it
is worthwhile.

You'd be lucky to find a 100Mbps hub, there were simply too few made
compared with 100Mbps switches.

You can use a switch in monitor or span (a Cisco-ism) mode, and
pretty much all "enterprise" class 100Base-TX switches have
that feature.  You may not want them for a home network, because
they produce enterprise-class noise.

If you are looking at this for security purposes, then note that
there are well-known defeats for switch-based monitoring. The
usual approach for that application is either an RJ-45 electrical
tap or a 1000Base-LX optical splitter. The optical splitter has
the advantage of being unpowered, and misbehaviour of the monitoring
interface is unable to pull down the monitored interface. So
an optical tap is the usual choice for enterprise, but you're looking
at 3 SFPs (say, $900-$3000), 2 taps ($400), and 2 SFP-carrying PC
ethernet interfaces ($600), and various optical cables ($400).

I strongly encourage our university customers to attach to
AARNet via an optical tap, even if they don't currently have a
monitoring machine attached.

You can buy the RJ45 taps from various security suppliers. The
best ones are powered with the two MII/GMII interfaces basically
wired to each other. You might find the search terms "calea" and
"lawful interception" useful.

The wired one someone posted to this thread should work at 100Mbps,
but will fail at GbE. The system relies upon the combined capacitance
of the system being small, so use Cat6 and keep all cables short. It's
too dodgy for enterprise use, as any component failure (perhaps even
powering off one of the nodes) would pull down the monitored link.

--
 Glen Turner
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
