Hub broadcasting vs switch routing

T

tankman1989

Gawd
Joined
Aug 21, 2009
Messages
588
I'm curious of the reasonings for using hubs when a switch is available. The network consists of HP servers from 2008 and HP business desktops with gigabit NIC's. There may be a few older machines running on the network that run XP but they have gigabit NIC's (these machines have older dot matrix printers running on them as local printers).

The network is setup with 6-8 servers running to a gigabit switch & switch is uplinked to 2 48 port Cisco Gigabit switches. There is a 48 port Cisco 10/100 hub as well that is plugged into one of the stitches with one cable and then one cable running from the hub to another system (reportedly a computer....)

What would be the benefit or application of using a hub attached to a switched network, especially when there is no need to have the hub in the mix (the cable plugged into the hub could be plugged into a switch as there are empty ports).

Can anyone give me any insight into why this may be set up this way? I've asked about what is connected to the hub and get very nebulous answers. It is clear that whatever is hooked up to the system is either used or monitored closely as disconnecting the wire results in its mysterious reconnection in a very short time period yet no one ever admits to reconnecting it. (they must also know to connect the hub to the switch and which cable was originally in the hub - there are no markings and all cables are identical looking).

From what I have seen it seems that reasons for this may possibly lead to the not so "legitimate" side of the IT world (well, it may be legitimate, but undisclosed we'll say).

Please any ideas about this are greatly appreicated.
 
You could throw something else on the hub and listen to the traffic. Maybe it's just bring used as a signal repeater? Other than that, I can't imagine a reason for it being there. The hub is just repeating the signal so if it's in the same IDF, your guess is as good as mine.
 
Raekwon said:
You could throw something else on the hub and listen to the traffic. Maybe it's just bring used as a signal repeater? Other than that, I can't imagine a reason for it being there. The hub is just repeating the signal so if it's in the same IDF, your guess is as good as mine.
Click to expand...

So if you saw something like this and disconnected it a few times only to have it be reconnected quickly and secretly, with no explination as to it's use, would you say that it i s highly suspicious? The IT manager was never informed as to what this connection was for and he supposedly had full access to all system and network devices. Unfortunately there wasn't time to d any network scanning/mapping for the unknown device.

On another note, there was suspicious activity on this network with a specific user's password being changed repeatedly & this person had access to critical/confidential info.

Now would this hub give a full report of all the network traffic or only to the ~45 devices connected to the swiched hooked to the hub?
 
Hubs simply broadcast any traffic that comes into them from any of their own ports. So if there was traffic that was traveling on the switches and simply being switched to any port other than the one the hub is on, the hub will not see that traffic.
 
If there are only 2 cables going to the hub one to the switch and one to a PC then there is no point to it. Plug the PC directly into the switch port the hub is plugged into, remove the hub, take it to your office and wait to see who comes asking for it.

The only reasonable explanation MIGHT be some incapability between the PC and the switch and the hub is being used as a kludge to get around it.

Now if there were other devices plugged into the hub then they could sniff the traffic between the switch and other devices plugged into hub.
 
I would agree that the setup is definitely strange. However, if you're not the IT Manager/Network Admin it may not be in your court to really question it. If you've received nebulous answers, I guess you have to take them at face value and move on. Does your company do other weird and/or fishy stuff?

As CamaroZ28 said, a hub will always indiscriminately flood frames out each of theirs ports as they are Layer 1 devices and never learn MAC address like a switch does. If the hub doesn't receive any type of traffic from the switch, then the hub has no frames to flood.

Nicklebon said:
/snip
Now if there were other devices plugged into the hub then they could sniff the traffic between the switch and other devices plugged into hub.
Click to expand...

This is 100% correct.
 
You must log in or register to reply here.
Back
Top