IDS mailing list archives
Re: hubs and switches
From: John Kinsella <jlk () thrashyour com>
Date: Thu, 5 Aug 2004 15:06:32 -0700
On Thu, Aug 05, 2004 at 12:41:26PM -0700, Fulp, J.D. USA wrote:
So... bottom line... if there is a "col" led (light-emitting diode) on the device, you can be 99% sure you've got a true "dumb" hub.
Hmmm a little misleading...hop on any Cisco switch[1] and do a "sh int" and you'll get plenty of stats on collisions. What a ethernet switch does, a little more accurately, is cuts down the size of your collision domain to two nodes (source and destination). If those two guys happen to start chattering like teenagers[2] at the same time, there's a chance of a collision still. Off top of my head, best way to see if you're on a switch or hub, besides researching the brand/model online(or using stuff you know), would be to do a little sniffing with your favorite tool, and see if you receiving any packets that are not broadcast and not destined to your mac address(es). John 1: I'll specify cisco intelligent switch - not sure if they have anything yet that's non-managed...probably if you include the various companies they've recently bought. 2: OK so teenagers don't have backoff algorithms. Little detail. ;) -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- hubs and switches Ron Gula (Aug 05)
- Re: hubs and switches Mike Poor (Aug 06)
- Re: hubs and switches Stef (Aug 06)
- <Possible follow-ups>
- RE: hubs and switches Fulp, J.D. USA (Aug 05)
- RE: hubs and switches Frank Knobbe (Aug 06)
- Re: hubs and switches John Kinsella (Aug 06)
- RE: hubs and switches Tony Rall (Aug 06)