PPRuNe Forums - View Single Post - How come? - FTP brute force attack
Old 14th October 2009 | 18:04
#53
Saab Dastard
XV,

An ethernet switch differs from an ethernet hub in that each port on a switch is a separate LAN segment, while each port on a hub is part of the same LAN segment.

All ports on a hub are thus in a single collision domain, whereas each port in a switch is in its own collision domain - which essentially means that frame collisions do not occur with switches. Collisions are bad, btw!

Switches also "learn" the MAC addresses of the connected hosts, so only directed unicast and broadcast frames are forwarded out each switch port. Only where the MAC address of a host is not yet in the switch MAC address table will a switch flood a unicast frame out all its ports.

As mixture rightly states, hubs have been entirely superseded by switches (now that the cost per switch port has reduced to the trivial), and hubs would seriously impact the performance on medium to large networks (due to the collisions described above). In a home network with a handful of devices, frankly, there is little difference in performance.

One of the switch's strengths (only forwarding frames to the necessary port) is also a pain when you actually want to monitor all the traffic between two nodes on the switch (or indeed all the traffic across the switch), as - by definition - the traffic is restricted to the ports that the two nodes are connected on.

There are a number of ways around this, depending on the equipment. "Business class" switches tend to have the ability to configure a monitoring port, that can be used to output all traffic from a selection of other ports - ideal if you happen to have that kind of kit.

Another possibility is to use a hub as described above - place the hub between the switch and the target device so that traffic passing from the switch to the target passes through the hub, and - by definition - is flooded out of all the hub ports. By hooking your sniffer to a hub port you get to see all the traffic.

I'm not sure about the "inline" method mixture refers to. Perhaps he will elaborate for us.

While you may struggle to buy a new ethernet hub, a quick look on eBay suggests that you'll easily pick one up from 99p to a fiver, plus P&P. Just ensure you get an ethernet hub, not a USB hub!

SD
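
The forwarding behaviour described in the post above, as a small simulation added here as an example (it is not part of the original post). The MAC addresses, port numbers and frame list are constructed, and the model assumes the sniffer only listens and never transmits.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of all ports except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class LearningSwitch:
    """Learns source MACs per port; floods only broadcast and unknown unicast."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port              # learn which port the sender is on
        if dst != BROADCAST and dst in self.mac_table:
            return {self.mac_table[dst]} - {in_port}
        return self.ports - {in_port}              # broadcast or unknown unicast: flood

def frames_seen(device, frames, sniffer_port):
    """Return the frames that the device sends out of the sniffer's port."""
    return [f for f in frames if sniffer_port in device.forward(*f)]

# Constructed sample: (ingress port, source MAC, destination MAC).
# Port 1 leads to host A (the uplink, in the hub case), port 2 to host B
# (the monitored device), port 3 to the sniffer.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
CONVERSATION = [(1, A, B), (2, B, A), (1, A, B), (2, B, A), (1, A, BROADCAST)]

def compare():
    on_switch = frames_seen(LearningSwitch({1, 2, 3}), CONVERSATION, 3)
    on_hub = frames_seen(Hub({1, 2, 3}), CONVERSATION, 3)
    return on_switch, on_hub

if __name__ == "__main__":
    sw, hub = compare()
    print(f"sniffer on a switch port sees {len(sw)}/{len(CONVERSATION)} frames")
    print(f"sniffer on a hub port sees {len(hub)}/{len(CONVERSATION)} frames")
```

On the switch the sniffer only receives the first frame (flooded because B's address is not yet learned) and the broadcast; on the hub it receives the whole conversation.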