IDS mailing list archives

Re: hubs and switches


From: John Kinsella <jlk () thrashyour com>
Date: Thu, 5 Aug 2004 15:06:32 -0700

On Thu, Aug 05, 2004 at 12:41:26PM -0700, Fulp, J.D. USA wrote:
> So... bottom line... if there is a "col" led (light-emitting diode) on
> the device, you can be 99% sure you've got a true "dumb" hub.

Hmmm, a little misleading... hop on any Cisco switch[1] and do a "sh int"
and you'll get plenty of stats on collisions.  What an Ethernet switch
does, a little more accurately, is cut down the size of your collision
domain to two nodes (source and destination).  If those two guys happen
to start chattering like teenagers[2] at the same time, there's a chance
of a collision still.

Off the top of my head, the best way to see if you're on a switch or hub,
besides researching the brand/model online (or using stuff you know),
would be to do a little sniffing with your favorite tool, and see if
you're receiving any packets that are not broadcast and not destined to
your MAC address(es).

John

1: I'll specify Cisco intelligent switch - not sure if they have
anything yet that's non-managed...probably if you include the various
companies they've recently bought.
2: OK so teenagers don't have backoff algorithms.  Little detail. ;)
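
The sniffing check described in the message above, as an added example that is not part of the original post: it classifies captured Ethernet frames by destination and source MAC and reports whether the segment looks like a hub or a switch. The function names, the `min_foreign` threshold and the sample frames are assumptions made for illustration.

```python
from collections import Counter

BROADCAST = b"\xff" * 6

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def classify(frame: bytes, own_macs: set) -> str:
    """Classify a raw Ethernet frame by destination (bytes 0-5) and source (6-11)."""
    if len(frame) < 14:
        return "truncated"
    dst, src = frame[0:6], frame[6:12]
    if src in own_macs:
        return "from_us"            # our own transmissions also appear in a capture
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:
        return "multicast"          # group bit set; normally flooded to every port
    if dst in own_macs:
        return "to_us"
    return "foreign_unicast"        # unicast between two other hosts

def assess(frames, own_macs, min_foreign=3):
    """Return (verdict, counts). min_foreign is an arbitrary threshold (assumption):
    a switch floods unicast to not-yet-learned MACs, so a stray frame proves little."""
    counts = Counter(classify(f, own_macs) for f in frames)
    foreign = counts["foreign_unicast"]
    if foreign >= min_foreign:
        verdict = "hub-like"
    elif foreign:
        verdict = "inconclusive"
    else:
        verdict = "switch-like"
    return verdict, dict(counts)

# Constructed sample data: made-up locally administered MACs, header-only frames.
US = mac("02:00:00:00:00:01")
A, B = mac("02:00:00:00:00:0a"), mac("02:00:00:00:00:0b")

def eth(dst, src):
    return dst + src + b"\x08\x00"   # 14-byte header, EtherType IPv4, no payload

SWITCH_CAPTURE = [eth(BROADCAST, A), eth(US, A), eth(A, US), eth(mac("01:00:5e:00:00:fb"), B)]
HUB_CAPTURE = SWITCH_CAPTURE + [eth(B, A), eth(A, B), eth(B, A)]

if __name__ == "__main__":
    for name, cap in (("switch", SWITCH_CAPTURE), ("hub", HUB_CAPTURE)):
        print(name, assess(cap, {US}))
```

The frames have to come from a capture taken in promiscuous mode, otherwise the NIC drops foreign unicast before the sniffer sees it. A switch port configured as a mirror (SPAN) port will also show foreign unicast, so a "hub-like" verdict there does not mean the device is a hub.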
