Re: How can we analyse the traffic through a hub ?

pranav2794 · ‎05-27-2011

I have heard that if we attact a hub in between the wires we are easily able to analyse the traffic that goes through that wire,
Tell me the full procedure how to set it up, with what softwares and OS I can analyse the traffic. ?

Leo Laohoo · ‎05-27-2011

The only thing missing in the equation is a proggie to analyze packets as it traverse from one interface of the hub to the next with your client in the middle. Use WireShark as the proggie.

Glenn Matthys · ‎06-02-2011

A hub is a multi-port repeater. That means, whatever comes traffic comes in on for example port 1, egresses on all ports except port 1. It has no knowledge of layer 2 stuff (MAC addresses, etc...), it's a pure electrical device. It duplicates the electrical signal received from one port to all other ports except the receiving port.

Because of this behaviour, we can easily capture traffic:

pc A

|

+-|-----------+

|port1 |

|HUB port3 ----- pc C

|port2 |

+-|-----------+

|

pc B

So what happens here is, pc A and pc B are connected to respectively port 1 and port 2 on the hub. Since the hub repeats whatever is coming in on port 1 to port 2, and vice versa, they both can communicate. However, since a hub repeats to *all ports*, including port 3, if pc B sends a message to pc A, pc C will also receive the message even though it may not be meant for him!

By using this "everything gets repeated" logic, you can easily snoop traffic between two nodes by inserting a hub in the communication path and attaching a third node to the hub.

As already suggested, you can use wireshark to capture the traffic. Make sure to enable promiscious mode (promiscious mode sets the network card to accept traffic even if it's not destined for him)