Re: [SLUG] ethernet couplers

From: Chris Mathey (slug@mathey.org)
Date: Mon Jun 16 2008 - 08:11:09 EDT


rfoxwor1@tampabay.rr.com wrote:
> ---- Chris Mathey <slug@mathey.org> wrote:
>
>> CSMA/CD is just for half-duplex communication, which is basically dead.
>> I haven't seen a hub in a really long time. If I did find one in my
>> environment it would be ripped out immediately :)
>>
>> Full Duplex Ethernet, collisions are impossible since tx and rx are on
>> different wires, and each segment is connected directly to a switch.
>> Therefore, CSMA/CD is not used on Full Duplex Ethernet networks.
>
>
> Yes, if you are not using a hub then you need to use a switch (unless
> you have access to a tap device from such as NetOptics). If you are
> in need of monitoring your net traffic for whatever reason, you can
> do this, if you have a prof. grade switch that can be set up with a span
> port. If you are using some of the cheaper switches sold as a
> consumer grade item, that choice is not available. For my way of
> thinking I could not imagine having a network with no way of checking
> the traffic flow. If you (anyone, pl.) think this is not necessary, you just
> haven't yet run into the problem that _makes_ it necessary. To do this,
> you either use a good* configurable switch, a tap or a hub. Or, guesswork.
>
> * good == $
I don't inherently disagree with you, however my perspective is that
hubs suck and should be phased out. I wouldn't want to introduce
collisions into a network!? lost packets = degraded performance

If I need to sniff traffic I just load Wireshark on the host I want to
analyze. I've been a network engineer for a long time and have never nor
would I want to capture ALL traffic on a LAN. If I am troubleshooting an
application issue Wireshark is all I need.

>
> Sounds like your environment is a good (see *) commercial setup with
> proper hardware.
My enterprise network is top notch. My home network consists of
consumer grade netgear gigE stuff.

> But I'd be interested in knowing why you feel a hub
> is an inherently bad device to even have installed.
Network collisions stemming from half duplex are bad. Enough said.
Ok, hubs make it easier to put a sniffer in but seeing ALL traffic is
just not necessary. On an internet DMZ with IDS's yes.

> Unless someone has
> uncontrolled access to your wiring closet, and can just go
> around jacking a "sniffer" onto your network without you knowing it.
>
> Or, knowing why someone else felt it necessary to have installed it
> to begin with (such information can be very helpful - sometimes better to
> let it lie and quietly watch it to see who was interested in it). It's quite
> obvious the hub would not have been installed by you, is it? When you
> "rip it out immediately" however, you lose all that people diagnostic. And
> remember, physical (e.g. console) access is king. When that happens,
> game over.
Agreed, I meant to imply that the hub would be replaced with proper
equipment. Not literally ripped out without regard for whoever was using it.

Side note, any network admin should not allow end users to be sticking
devices like hubs/switches/et al into their access network!
(unless you sign off and verify it.)
I have seen LANs brought down due to carelessness like this.

>
> And it can hardly be about faster internet, when your gigabit LAN
> is throttled down to 300k when it hits the first interface downtown
> sharing traffic with a thousand kids downloading movies..
I still don't like introducing collisions into my LAN. Call me anal.

>
> Yes I have two hubs at home. One on either side of my firewall.
> This is so I can run an instance of wireshark on a third machine,
> (eth with no assigned IP) plugged into a hub port, and see what
> kind of threats are trying to get in. Or, help debug my wife's
> telecommuting when it is acting balky. Using a switch, that would let
> me do this, is for me vast economic overkill.
IMHO overkill. Wireshark on your firewall or workstation you are
troubleshooting does the same thing. Your methodology does work, but you
introduced a whole layer of complication with all those hubs and such.
I am a bit obsessed with performance and would hate to introduce half
duplex communication anywhere in my network.

>
> But I am my own purchasing manager. YMMV. Be thankful you
> don't have to do that. Right now, "home" IS my "environment".
>
> - Bob
>
> PS in this day and age I would recommend the tap option
> for this purpose, see www.netoptics.com e.g. 96443 copper port
> aggregator.
>
>

Bob, I really don't disagree with any of your methods. I just don't
share your perspective.

-Chris

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


