If you wanted to analyse some network traffic, to see where things were going wrong, you would use a network hub. A network hub is one of the devices you can use to listen to network traffic as it’s happening. In other words, you can listen in on a conversation between two or more computers.*
They don’t make network hubs anymore; network switches have become cheap. The last 4 port network switch I bought was < $30.
So what can you do to tap network traffic?
- buy a secondhand hub from someone on eBay
(this is what I did)
- some switches can be configured to act like a hub, but those sorts of switches tend to be expensive.
- NetOptics make the 10/100 Teeny Tap, which would be my pick if I was working in the field.
- look at Cisco NetFlow capable software
(even more expensive)
* "Why would you want to eavesdrop on network traffic?"
A real world example:
Customer reports network-enabled document scanner fails intermittently with a "network error".
So we replace the hardware, upgrade the firmware, and generally stuff around a bit, before we decide to strap on a network analyser.
Do things change when you observe them? I think they do: no failures observed.
We disconnect the network analyser. The network document scanner fails. "Quick", I yell. "We’ve got a failure!".
We capture the error, and it looks like this:
MESSAGE: 220 Service Ready for New User
MESSAGE: (username sent)
MESSAGE: 331 Password required for DOCUMENTSCANNER01
MESSAGE: 221 Server is closing command connection
The cause is that the FTP server is cancelling the connection before the document scanner replies with the password.
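A check for this failure pattern over a captured FTP control channel, as an added example that is not part of the original post. The session lists are constructed from the capture above; the "S"/"C" sender labels, the function name and the `USER`/`PASS` lines are assumptions for illustration.

```python
import re

# Constructed sessions modelled on the capture above.
# "S" = line sent by the server, "C" = line sent by the client.
FAILED_SESSION = [
    ("S", "220 Service Ready for New User"),
    ("C", "USER DOCUMENTSCANNER01"),
    ("S", "331 Password required for DOCUMENTSCANNER01"),
    ("S", "221 Server is closing command connection"),
]
GOOD_SESSION = [
    ("S", "220 Service Ready for New User"),
    ("C", "USER DOCUMENTSCANNER01"),
    ("S", "331 Password required for DOCUMENTSCANNER01"),
    ("C", "PASS ********"),
    ("S", "230 User logged in"),
    ("C", "QUIT"),
    ("S", "221 Server is closing command connection"),
]

# An FTP reply starts with a three-digit code followed by a space,
# or by "-" on the first line of a multi-line reply.
REPLY = re.compile(r"^(\d{3})[ -]")

def find_premature_close(session):
    """Return the index of a server close (221 or 421) that arrives while a
    331 password prompt is still unanswered, or None if there is none."""
    awaiting_pass = False
    for i, (sender, line) in enumerate(session):
        if sender == "C":
            # The client answering the prompt clears the pending state.
            if line.upper().startswith("PASS"):
                awaiting_pass = False
            continue
        match = REPLY.match(line)
        if not match:
            continue
        code = match.group(1)
        if code == "331":
            awaiting_pass = True
        elif code in ("221", "421") and awaiting_pass:
            return i
    return None

if __name__ == "__main__":
    print("failed session:", find_premature_close(FAILED_SESSION))
    print("good session:", find_premature_close(GOOD_SESSION))
```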
Reference: Analyzing FTP Communications (from Novell)