Network monitoring

[Daniel Eischen]

On Tue, 23 Nov 2004, Simon Roberts wrote:

> I apologize that this probably isn't the most relevant
> list to ask this on. Suggestions for better lists will
> be welcome.
>
> I'm trying to monitor traffice on a 100BaseT ethernet
> network link. I split the line, put a "hub" in and am
> trying to run tcpdump on a box off the side of the
> hub.
>
> Unfortunately, it turns out the hub isn't a hub, it's
> a "switching hub" (what's not a switch about this? I
> don't get it). Consequently, all I see are arp
> packets, bootp packets, and the odd broadcast. I went
> to a local store to buy a hub, and guess what, they
> sold me another switching hub, so that has to be
> returned :(
>
> So, the question is, can anyone tell me the
> manufacturer and product name of a real (dumb) hub? I
> could use 10baseT instead if necessary, I just need
> something cheap that is a simple repeater. Of course,
> nobody advertizes "our hub really is a totally dumb
> hub, not like those fancy switching hubs the
> competition sells" ;>

You could always go the other way and get a more capable
switch.  At least for the Cisco (3500XL series), you
can put a port in mirroring mode so that it sees all
traffic.  Sorry, I haven't any advice on real hubs.

-- 
DE