NetGear 8 port network hub IF you wanted to analyse some network traffic, to see where things were going wrong, you would use a network hub.  A network hub is one of the devices you can use to listen to network traffic, as it’s happening.  In other words, you can listen in on a conversation between two or more computers.*

No more.

They don’t make network hubs anymore, network switches have become cheap.  The last 4 port network switch I brought was < $30.

So what can you do to tap network traffic?

  • buy a secondhand hub from someone on eBay
    (this is what I did)
  • some switches can be configured to act like a hub, but those sorts of switches tend to be expensive.
  • NetOptics make the 10/100 Teeny Tap, which would be my pick if I was working in the field.
  • look at Cisco NetFlow capable software
    (even more expensive)

 * "Why would you want to eavesdrop on network traffic?"

A real world example:
Customer reports network-enabled document scanner fails intermittently with a "network error".

So we replace the hardware, upgrade the firmware, and generally stuff around a bit, before we decide to strap on a network analyser.

Do things change when you observe them?  I think they do, no failures observed.

We disconnect the network analyser.  The network document scanner fails.  "Quick", I yell.  "We’re got a failure!".

We capture the error, and it looks like this:

MESSAGE: 220 Service Ready for New User
MESSAGE: (username sent)
MESSAGE: 331 Password required for DOCUMENTSCANNER01
MESSAGE: 221 Server is closing command connection

The cause is that the FTP server is cancelling the connection before the document scanner replies with the password.

Reference: Analyzing FTP Communications (from Novell)

Bookmark and Share