[wplug] Tapping into an Ethernet connection

Alexandros Papadopoulos apapadop at alumni.cmu.edu
Fri May 15 10:26:34 EDT 2009


On Fri, May 15, 2009 at 3:04 PM, Weber, Lawrence A
<Lawrence.Weber at ansaldo-sts.us> wrote:
> I have been trying to tap into an Ethernet connection between two pieces of
> equipment that we have designed.  I have found a cheap hub at only one Best
> Buy that allows me to use WireShark to view the messages.  However they are
> only 10Meg Hubs and eventually I am going to need to run at 100Meg.

Ensure your capturing device (PC?) can handle 100Mbit of traffic via
wireshark. It's a LOT of processing...

> I have two other Linksys hubs (NH1005 and EFAH08W) that are listed as
> "Network Hub" and "Workgroup Hub".  Both of these older (5 yr?) devices seem
> to be switches and not hubs.

Hrmf, Google insists they're hubs... you are running the capturing
device in promiscuous mode, right?

>  I looked on line and can only find used 4 port
> hubs, but I am concerned that they are also just switches.  Is there any way
> to know if a hub is a hub and not a switch?  Or, is there another way to use
> WireShark to view traffic?

I think resorting to cache poisoning to force a switch to act as a hub
is overkill for what you're trying to do. Go to amazon.com and search
for "3com hub" or "linksys hub" and you should find a lot of
inexpensive options.

-A


More information about the wplug mailing list