Network Devices: HUB SWITCHES
Passive Network Monitoring Concept: Deployment Scenario Q & A
• Operating at the physical layer, hubs are very simple devices that pass all traffic in both directions between the LAN sections they link.
• Strictly speaking, hubs are not considered part of a backbone network, but are usually repeaters or amplifiers.
• When a workstation transmits to a hub, the hub immediately resends the data frame out all connecting links.
• A hub can be managed or unmanaged. A managed hub possesses enough processing power that it can be managed from a remote location.
• When a single station transmits, the hub repeats the signal on the outgoing line to each station.
• Hubs can be cascaded in a hierarchical configuration.
The backplane of a switch is fast enough to support multiple data transfers at one time.
Multiple workstations connected to a switch use dedicated segments. This is a very efficient way to isolate heavy users from the network.
A switch is a combination of a hub and a bridge. It can interconnect two or more workstations, but like a bridge, it observes traffic flow and learns.
When a frame arrives at a switch, the switch examines the destination address and forwards the frame out the one necessary connection.
Workstations that connect to a hub are on a shared segment. Workstations that connect to a switch are on a switched segment.
Store and forward switch
• Accepts a frame on the input line
• Buffers it briefly
• Routes it to the appropriate output line
Cut-through switch
• Begins repeating the frame as soon as it recognizes the destination MAC address
• Higher throughput, increased chance of error
The benefits of VLANs are that a switch can be configured to handle two isolated networks without the traffic from one network burdening the other. IP multicast traffic from VLAN 1 will not reach VLAN 2. However, a VLAN will also block unicast and broadcast traffic, and adds a measure of security between networks.
[Diagram: Agent Less, Managed Switch]
Packets can be captured using Port Mirroring or Network Splitter (Tap)
Port Mirroring
• How it works: Copies all packets passing on a port to another port
• Advantage: No extra hardware required
• Disadvantage: Processing overhead on router/switch
Network Splitter (Tap)
• How it works: Splits the signal and sends one signal along the original path and another to the probe
• Advantage: No processing overhead on router/switch
• Disadvantage: Splitter hardware required
Port mirroring refers to the ability to direct a duplicate of the frames being transmitted on one port to another port. This allows a traffic analyzer to be connected to a switch and have the ability to monitor the traffic on a given port. Without port mirroring, an analyzer is not able to see frames on other ports.
Traffic analyzers are used extensively by people who support Ethernet networks. Therefore, it is critical that a switch is selected that supports port mirroring so that a traffic analyzer will function correctly on the network.
[Diagram: Port Mirroring. Labels: Connected to iNet Segment, Mirrored port, iNet Segment]
A network tap is a hardware device which provides a way to access the data flowing across a computer network.
In many cases, it is desirable for a third party to monitor the network traffic between two points in the network, point A and point B. If the network between points A and B consists of a physical cable, a network tap may be the best way to accomplish this monitoring.
To place a tap between points A and B, the network cable between point A and point B is replaced with a pair of cables, one going to the tap's A port, one going to the tap's B port.
The tap passes through all traffic between A and B, so A and B still think they are connected to each other, but the tap also copies the traffic between A and B to its monitor port, enabling a third party to listen.
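The following added example (not part of the original slides) models the forwarding behaviour described above for a hub, a learning switch with and without port mirroring, and an inline tap, and replays a constructed three-frame exchange to show which frames an analyzer port actually receives in each deployment. Port numbers, MAC addresses and the frame tuple layout are assumptions made for the simulation.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Physical-layer repeater: every frame goes out every port except the one it came in on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, ingress, frame):
        return self.ports - {ingress}

class LearningSwitch:
    """Learns source MAC -> port and forwards a known unicast out one port only.
    mirror=(mirrored_port, monitor_port) models port mirroring (a SPAN session)."""
    def __init__(self, ports, mirror=None):
        self.ports = set(ports)
        self.mac_table = {}          # MAC address -> port where it was last seen
        self.mirror = mirror

    def forward(self, ingress, frame):
        src, dst, _payload = frame
        self.mac_table[src] = ingress                  # learn where the sender lives
        monitor = self.mirror[1] if self.mirror else None
        if dst != BROADCAST and dst in self.mac_table:
            egress = {self.mac_table[dst]} - {ingress}  # known unicast: one port (or filtered)
        else:
            egress = self.ports - {ingress, monitor}    # unknown unicast/broadcast: flood;
        if self.mirror:                                 # the monitor port carries only copies
            mirrored, monitor = self.mirror
            if ingress == mirrored or mirrored in egress:
                egress = egress | {monitor}             # duplicate of every frame on the mirrored port
        return egress

class Tap:
    """Inline splitter between ports 'A' and 'B'; every frame is also copied to 'monitor'."""
    def forward(self, ingress, frame):
        return {"B" if ingress == "A" else "A", "monitor"}

def analyzer_sees(device, traffic, analyzer_port):
    """Replay (ingress_port, frame) pairs in order; return the frames delivered to analyzer_port."""
    return [f for port, f in traffic if analyzer_port in device.forward(port, f)]

# Constructed sample exchange: host A on port 1 talks to host B on port 2; the analyzer is on port 3.
A, B = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
TRAFFIC = [(1, (A, B, "syn")), (2, (B, A, "syn-ack")), (1, (A, B, "data"))]
TAP_TRAFFIC = [({1: "A", 2: "B"}[p], f) for p, f in TRAFFIC]   # same frames on the tapped A-B cable

if __name__ == "__main__":
    print(len(analyzer_sees(Hub({1, 2, 3}), TRAFFIC, 3)))                             # 3: hub repeats all
    print(len(analyzer_sees(LearningSwitch({1, 2, 3}), TRAFFIC, 3)))                  # 1: only the flood
    print(len(analyzer_sees(LearningSwitch({1, 2, 3}, mirror=(1, 3)), TRAFFIC, 3)))   # 3: mirrored port 1
    print(len(analyzer_sees(Tap(), TAP_TRAFFIC, "monitor")))                          # 3: tap copies all
```

The switched case without mirroring shows why an analyzer on an ordinary switch port only catches the initial flooded frame: once the switch has learned both MAC addresses, the conversation never touches port 3 again.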