Newsgroup: comp.security.misc
Thread: Low Cost Hub With Read-Only Ports?

#1  05-24-2007, 03:17 AM
Will

Does anyone make a low cost four to eight port 10/100 hub that has a way to
designate one of the ports as "readonly"? I want to have a notebook act as
a sniffer behind an infected computer without exposing the notebook to any
attack. I've seen what true network TAPs cost, and it seems silly to
spend $600 to $2K for fairly trivial functionality like this. Portability
is a key requirement so having a smaller desktop hub that is also
programmable would be desirable. Any candidates?

--
Will



#2  05-24-2007, 03:24 AM
Al Dykes

In article <V_KdndqX1bJdnsjbnZ2dnUVZ_qGjnZ2d@giganews.com>,
Will <westes-usc@noemail.nospam> wrote:
>Does anyone make a low cost four to eight port 10/100 hub that has a way to
>designate one of the ports as "readonly"? I want to have a notebook act as
>a sniffer behind an infected computer without exposing the notebook to any
>attack. I've seen what true network TAPs cost, and it seems silly to
>spend $600 to $2K for fairly trivial functionality like this. Portability
>is a key requirement so having a smaller desktop hub that is also
>programmable would be desirable. Any candidates?
>
>--
>Will



If you run your sniffer laptop from a CD-bootable OS (knoppix and many
others) if it *does* get infected, a reboot will fix it.




--
a d y k e s @ p a n i x . c o m
Don't blame me. I voted for Gore. A Proud signature since 2001

#3  05-24-2007, 04:19 AM
Sebastian G.

Will wrote:

> Does anyone make a low cost four to eight port 10/100 hub that has a way to
> designate one of the ports as "readonly"?



Ehm... what about simply cutting one of the wires, trivially creating a
Rx-only ethernet cable?

#4  05-24-2007, 04:34 AM
Will

"Sebastian G." <seppi@seppig.de> wrote in message
news:5bkhv3F2tquhaU1@mid.dfncis.de...
> Will wrote:
>
>> Does anyone make a low cost four to eight port 10/100 hub that has a way
>> to designate one of the ports as "readonly"?

>
> Ehm... what about simply cutting one of the wires, trivially creating a
> Rx-only ethernet cable?


Clever idea...which wire do I cut, and perhaps some vendor sells such a
cable to avoid the hassle?

--
Will



#5  05-24-2007, 06:04 AM
Pascal Hambourg

Hello,

Sebastian G. wrote:
> Will wrote:
>
>> Does anyone make a low cost four to eight port 10/100 hub that has a
>> way to designate one of the ports as "readonly"?

>
> Ehm... what about simply cutting one of the wires, trivially creating a
> Rx-only ethernet cable?


I guess you mean one of the pairs.
Wouldn't it break the link beat detection and speed auto-negotiation?

#6  05-24-2007, 08:32 AM
Casper H.S. Dik

"Sebastian G." <seppi@seppig.de> writes:

>Will wrote:


>> Does anyone make a low cost four to eight port 10/100 hub that has a way to
>> designate one of the ports as "readonly"?



>Ehm... what about simply cutting one of the wires, trivially creating a
>Rx-only ethernet cable?


I don't think that works nicely except if the Hub doesn't do link detection
and neither does your laptop.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

#7  05-24-2007, 04:33 PM
Sebastian G.

Will wrote:


>> Ehm... what about simply cutting one of the wires, trivially creating a
>> Rx-only ethernet cable?

>
> Clever idea...which wire do I cut, and perhaps some vendor sells such a
> cable to avoid the hassle?


http://en.wikipedia.org/wiki/Etherne...ted-pair_cable

Dunno if a vendor sells it, in any large companies the admins do all the
cabling themselves.

#8  05-24-2007, 04:34 PM
Sebastian G.

Pascal Hambourg wrote:


>> Ehm... what about simply cutting one of the wires, trivially creating a
>> Rx-only ethernet cable?

>
> I guess you mean one of the pairs.
> Wouldn't it break the link beat detection and speed auto-negotiation?



Sure it does.

#9  05-24-2007, 04:36 PM
Sebastian G.

Casper H.S. Dik wrote:


>> Ehm... what about simply cutting one of the wires, trivially creating a
>> Rx-only ethernet cable?

>
> I don't think that works nicely except if the Hub doesn't do link detection
> and neither does your laptop.


If your setup doesn't require it, the failure of link detection won't break
anything. The only real problem is the OS, thus you have to deactivate DHCP
media sensing (e.g. the OS reports a non-existent network connection through
the DHCP negotiation state in the TCP/IP stack and then invalidates the
routes) and set up the routing table manually.

#10  05-24-2007, 04:47 PM
Vernon Schryver

In article <5blstoF2tq84fU1@mid.dfncis.de>,
Sebastian G. <seppi@seppig.de> wrote:

>>> Ehm... what about simply cutting one of the wires, trivially creating a
>>> Rx-only ethernet cable?

>>
>> Clever idea...which wire do I cut, and perhaps some vendor sells such a
>> cable to avoid the hassle?

>
>http://en.wikipedia.org/wiki/Etherne...ted-pair_cable


Perhaps the point of that URL is to suggest doing what seems obvious
to me. That is to buy a jumper cable at a local retail store, strip
the outer jacket, and cut one wire of the right pair. Or buy several
cables, and cut different wires in each.

But as others have said, the result is unlikely to work. One reason
is that modern Ethernet hardware tends to want to chatter in both
directions before passing packets.

Another problem is that many boxes now sold as "Ethernet hubs" are
really learning bridges instead of Ethernet repeaters and so do not
forward all packets to all ports. They must be bridges instead of
repeaters if they are "10/100" hubs or able to connect 10 MHz hosts to
100 MHz hosts. If they are cheap, they lack the knobs and switches to
configure a port to receive all packets, and so no port will see all
packets.


>Dunno if a vendor sells it, in any large companies the admins do all the
>cabling themselves.


On the contrary, that it seems that everyone has the tools and parts
needed to build a few cables does not imply that they are used except
in special cases. In many large U.S. companies, contractors do most
"cable pulling," and jumpers and other impermanent cables are built by
outsider vendors. It's too expensive to build your own short cables,
unless you are getting Third World wages.


Vernon Schryver vjs@rhyolite.com
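
Added example, not part of any post in this thread: a small Python model of the repeater versus learning-bridge behaviour described in the post above, showing which frames reach a port where a receive-only sniffer is attached. The MAC addresses, port numbers and traffic are constructed for illustration.

```python
"""Added illustration (not from the thread): frames reaching a passive monitor port."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC
    dst: str  # destination MAC


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


class Repeater:
    """Classic hub: repeat every frame out of every port except the ingress port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningBridge:
    """Unmanaged switch: learn source MACs, send known unicast to one port only."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC -> port it was last seen on

    def forward(self, in_port, frame):
        self.table[frame.src] = in_port
        out = self.table.get(frame.dst)
        if is_group_address(frame.dst) or out is None:
            # Broadcast, multicast and unknown unicast are flooded.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def monitor_view(device, traffic, monitor_port):
    """Return the frames that the device would send out of monitor_port."""
    return [f for in_port, f in traffic if monitor_port in device.forward(in_port, f)]


# Constructed sample traffic. All MACs and port numbers are made up.
HOST = "02:00:00:00:00:01"      # machine under observation, port 1
GATEWAY = "02:00:00:00:00:02"   # its default gateway, port 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
PORTS = [1, 2, 3, 4]
MONITOR_PORT = 4                # sniffer on an Rx-only cable: it never transmits

TRAFFIC = [
    (1, Frame(HOST, BROADCAST)),            # ARP request, flooded
    (2, Frame(GATEWAY, HOST)),              # ARP reply, known unicast
    (1, Frame(HOST, GATEWAY)),
    (2, Frame(GATEWAY, HOST)),
    (1, Frame(HOST, GATEWAY)),
    (1, Frame(HOST, "02:00:00:00:00:99")),  # unknown unicast, flooded
    (1, Frame(HOST, "01:00:5e:00:00:fb")),  # multicast, flooded
]


def compare(traffic=TRAFFIC):
    """Count frames visible on the monitor port behind each kind of device."""
    hub_seen = monitor_view(Repeater(PORTS), traffic, MONITOR_PORT)
    bridge_seen = monitor_view(LearningBridge(PORTS), traffic, MONITOR_PORT)
    return len(hub_seen), len(bridge_seen)


if __name__ == "__main__":
    hub_count, bridge_count = compare()
    print(f"repeater: monitor sees {hub_count} of {len(TRAFFIC)} frames")
    print(f"learning bridge: monitor sees {bridge_count} of {len(TRAFFIC)} frames")
```

Behind the bridge the monitor port receives only the flooded frames (broadcast, multicast, unknown unicast), so the unicast conversation between the host and its gateway never reaches the sniffer.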

#11  05-24-2007, 05:05 PM
Sebastian G.

Vernon Schryver wrote:


> But as others have said, the result is unlikely to work.



Well, they do work quite well. Not to mention that this is the preferred
setup for master-slave keep-alive communication for redundant firewalls on
OpenBSD.

> One reason is that modern Ethernet hardware tends to want to chatter in both
> directions before passing packets.



and doesn't break if it can't do so.

> Another problem is that many boxes now sold as "Ethernet hubs" are
> really learning bridges instead of Ethernet repeaters and so do not
> forward all packets to all ports. They must be bridges instead of
> repeaters if they are "10/100" hubs or able to connect 10 MHz hosts to
> 100 MHz hosts. If they are cheap, they lack the knobs and switches to
> configure a port to receive all packets, and so no port will see all
> packets.



Then you have to add some MAC flooding. This is exactly why I prefer some
good old classical that you can put in between the line.

> In many large U.S. companies, contractors do most
> "cable pulling," and jumpers and other impermanent cables are built by
> outsider vendors. It's too expensive to build your own short cables,
> unless you are getting Third World wages.



What do you think these vendors are doing? Right: Ethernet cable is so damn
cheap, it's like a natural resource for them. You just pull off some 100
meters, cut them as required, add the plugs and there you go.

#12  05-24-2007, 05:41 PM
Vernon Schryver

In article <5blur5F2tj148U1@mid.dfncis.de>,
Sebastian G. <seppi@seppig.de> wrote:

>> But as others have said, the result is unlikely to work.

>
>Well, they do work quite well.


Let's wait to see if the other person can make them work. That people
who know about such things can make them work does not imply that they
are likely to work for people with less experience.


> Not to mention that this is the preferred
>setup for master-slave keep-alive communication for redundant firewalls on
>OpenBSD.


I'm sure that's all very nice, although I don't understand why one would
use Ethernet cables with one pair cut with redundant firewalls.

It is somewhat surprising to see mention of a UNIX-like operating system
from someone who elsewhere seems to think that DHCP is part of the
"OS" and the "TCP stack" and talks about Microsoft's registry switches
that control whether the system should pay attention to Ethernet carrier
sense. In the UNIX world, DHCP is just another application, albeit one
that hammers on network interfaces. BSD style network interfaces or
drivers decide whether to pay attention to carrier, including transmitting
when there is none--that is, if the MAC chip doesn't decide the issue
itself.


>> One reason is that modern Ethernet hardware tends to want to chatter in both
>> directions before passing packets.

>
>and doesn't break if it can't do so.


"Doesn't necessarily break" and "works in some cases" are not the
same as "doesn't break." The problem is not only in the host but
also in the hub. What does your cheap hub do when it sees no carrier
on either pair? What if it is smart enough to automagically switch
the TX and RX pairs in all sockets instead of having a single extra
"uplink" socket, as is now common?

Another trouble is that HDX Ethernet is CSMA/CD. The hub cannot
do much carrier sensing (CD) if its RX pair (or the host's TX pair)
is cut.


>> Another problem is that many boxes now sold as "Ethernet hubs" are
>> really learning bridges instead of Ethernet repeaters and so do not
>> forward all packets to all ports.


>Then you have to add some MAC flooding. This is exactly why I prefer some
>good old classical that you can put in between the line.


How does one "add some MAC flooding" on a cheap hub with no management
facilities? Cheap hubs do whatever they are wired to do at the factory.
The only controls you have on them are in how you choose to connect
them to cables (including power).
As I wrote, whatever the other person finds today as a "cheap hub" is
likely to be 10/100 bridge, and so likely to be a pain for passive
packet snooping.


>> In many large U.S. companies, contractors do most
>> "cable pulling," and jumpers and other impermanent cables are built by
>> outsider vendors. It's too expensive to build your own short cables,
>> unless you are getting Third World wages.

>
>What do you think these vendors are doing? Right: Ethernet cable is so damn
>cheap, it's like a natural resource for them. You just pull off some 100
>meters, cut them as required, add the plugs and there you go.


Yes, and that cutting and plug crimping is part of the job of "cable
pulling" done by outside contractors. I'm sure that there are large
companies that do it all themselves, but I _know_ that many large
companies outsource cable pulling and buy tons of pre-built cables
in lengths ranging from short jumpers to 100 meters.


Vernon Schryver vjs@rhyolite.com

#13  05-24-2007, 08:26 PM
Sebastian G.

Vernon Schryver wrote:


>> Not to mention that this is the preferred
>> setup for master-slave keep-alive communication for redundant firewalls on
>> OpenBSD.

>
> I'm sure that's all very nice, although I don't understand why one would
> use Ethernet cables with one pair cut with redundant firewalls.



It's about a master firewall server continually advertising its presence to
a slave server without the latter being able to accidentally invoke any
malicious behaviour on the master server. State table changes are usually
transferred on a second line, which also can be Rx-only and made Rx+Tx on
demand (when a master server has to recover the state table from the slave
server).

> It is somewhat surprising to see mention of a UNIX-like operating system
> from someone who elsewhere seems to think that DHCP is part of the
> "OS" and the "TCP stack"



Why that?

> and talks about Microsoft's registry switches
> that control whether the system should pay attention to Ethernet carrier
> sense.



Nonsense. DHCP media sensing is a well-known mechanism/protocol that exists
on Unix as well.

> BSD style network interfaces or drivers decide whether to pay attention


> to carrier, including transmitting when there is none--that is, if the
> MAC chip doesn't decide the issue itself.


And the network drivers signal such issues to which component? Exactly the
TCP/IP stack. DHCP media sensing just is a portable way for how the TCP/IP
forwards these signals to the application (e.g. by intentionally creating a
DHCP message from a non-existent DHCP server).

>>> One reason is that modern Ethernet hardware tends to want to chatter in both
>>> directions before passing packets.

>> and doesn't break if it can't do so.

>
> "Doesn't necessarily break" and "works in some cases" are not the
> same as "doesn't break."



No, totally wrong. The sensing is supposed to "fix" problems that don't
occur on a correct setup. Use the right cabling? No need to negotiate Rx/Tx
wires. Manually set up the right speed? No speed negotiation needed.

> The problem is not only in the host but
> also in the hub. What does your cheap hub do when it sees no carrier
> on either pair? What if it is smart enough to automagically switch
> the TX and RX pairs in all sockets instead of having a single extra
> "uplink" socket, as is now common?



And as this fails as well, it bogs down to leaving it like it is.
And yes, my cheap hub doesn't try any such stupid stuff. That's exactly why
it works so well.

> Another trouble is that HDX Ethernet is CSMA/CD. The hub cannot
> do much carrier sensing (CD) if its RX pair (or the host's TX pair)
> is cut.



That's not even a problem, that's an intended feature.

>>> Another problem is that many boxes now sold as "Ethernet hubs" are
>>> really learning bridges instead of Ethernet repeaters and so do not
>>> forward all packets to all ports.

>
>> Then you have to add some MAC flooding. This is exactly why I prefer some
>> good old classical that you can put in between the line.

>
> How does one "add some MAC flooding" on a cheap hub with no management
> facilities?



Simply attach another computer that does the flooding. It could even be the
compromised machine itself, since the sniffer can verify the existence of a
stream of bogus ARP requests.

#14  05-24-2007, 08:57 PM
Dan Lanciani

In article <f34fjj$1hk6$1@calcite.rhyolite.com>, vjs@calcite.rhyolite.com (Vernon Schryver) writes:
| In article <5blstoF2tq84fU1@mid.dfncis.de>,
| Sebastian G. <seppi@seppig.de> wrote:
|
| >>> Ehm... what about simply cutting one of the wires, trivially creating a
| >>> Rx-only ethernet cable?
| >>
| >> Clever idea...which wire do I cut, and perhaps some vendor sells such a
| >> cable to avoid the hassle?
| >
| >http://en.wikipedia.org/wiki/Etherne...ted-pair_cable
|
| Perhaps the point of that URL is to suggest doing what seems obvious
| to me. That is to buy a jumper cable at a local retail store, strip
| the out jacket, and cut one wire of the right pair. Or buy several
| cables, and cut different wires in each.
|
| But as others have said, the result is unlikely to work. One reason
| is that modern Ethernet hardware tends to want to chatter in both
| directions before passing packets.

If necessary you can always use another cheap hub to supply link pulses
to the TX pair. That is, don't just cut a pair; split it out to a separate
plug. It might be best to disable auto-negotiation, though that probably
requires something more than a cheap hub...

Dan Lanciani
ddl@danlan.*com

#15  05-24-2007, 10:56 PM
Vernon Schryver

In article <5bman7F2stdchU1@mid.dfncis.de>,
Sebastian G. <seppi@seppig.de> wrote:

>It's about a master firewall server continually advertising its presence to
>a slave server without the latter being able to accidentally invoke any
>malicious behaviour on the master server. State table changes are usually
>transferred on a second line, which also can be Rx-only and made Rx+Tx on
>demand (when a master server has to recover the state table from the slave
>server).


"Rx-only and made Rx+Tx on demand" is nonsense in this context.
You cannot un-cut a wire "on demand," and so that stuff cannot be
using Ethernet cables with one pair cut as proposed in this thread.
Turning off Ethernet input or output in software does not
meet the other person's design goal of a permanent, unalterable
block on one direction.

Personally, I don't think much of the goal. If you can't trust your
host software to honor your command to be passive while snooping on an
Ethernet, then I don't think you can trust its monitoring.


>> and talks about Microsoft's registry switches
>> that control whether the system should pay attention to Ethernet carrier
>> sense.

>
>Nonsense. DHCP media sensing is a well-known mechanism/protocol that exists
>on Unix as well.


Where among the DHCP RFCs or elsewhere is that protocol documented?

Microsoft's description at
http://support.microsoft.com/kb/239924
seems to say that it has nothing to do with DHCP except to trigger a
DHCP negotiation. That's consistent with RFC 3927.

Perhaps I should mention that I wrote the `routed` daemon that is
in a bunch of versions of UNIX-like systems including FreeBSD and
Solaris. It uses network interface state changes to trigger various
RIP, RIPv2, and router discovery protocol events. In at least some
drivers (e.g. those I've written), those IFF_RUNNING bit changes can
reflect Ethernet MAC carrier sense problems, persistent FDDI beaconing
or claiming, etc.
I guess a control on that mechanism might be called "RIP/RDISC media
sensing", but it would not be part of what I call a "TCP/IP stack."
I also doubt it would be a "well-known mechanism/protocol."



>> BSD style network interfaces or drivers decide whether to pay attention

>
> > to carrier, including transmitting when there is none--that is, if the
> > MAC chip doesn't decide the issue itself.

>
>And the network drivers signal such issues to which component? Exactly the
>TCP/IP stack.


That's not really right for my notion "TCP/IP stack." It does make sense
for how many Microsoft system administrators see TCP/IP based on old
WINSOCK libraries and other TCP/IP before Windows NT.

> DHCP media sensing just is a portable way for how the TCP/IP
>forwards these signals to the application (e.g. by intentionally creating a
>DHCP message from a non-existent DHCP server).


It's not "portable" in a protocol sense unless your definition is
limited to what is said in Redmond as demonstrated by the lack of
hits for this URL:
http://www.google.com/search?q=dhcp+...site%3Aisc.org


>>>> One reason is that modern Ethernet hardware tends to want to chatter in both
>>>> directions before passing packets.
>>> and doesn't break if it can't do so.

>>
>> "Doesn't necessarily break" and "works in some cases" are not the
>> same as "doesn't break."

>
>No, totally wrong. The sensing is supposed to "fix" problems that don't
>occur on a correct setup. Use the right cabling? No need to negotiate Rx/Tx
>wires. Manually set up the right speed? No speed negotiation needed.


That is an (cough) unusual description of Ethernet auto-sense.


>> The problem is not only in the host but
>> also in the hub. What does your cheap hub do when it sees no carrier
>> on either pair? What if it is smart enough to automagically switch
>> the TX and RX pairs in all sockets instead of having a single extra
>> "uplink" socket, as is now common?

>
>And as this fails as well, it bogs down to leaving it like it is.
>And yes, my cheap hub doesn't try any such stupid stuff. That's exactly why
>it works so well.


What is the "this" that "fails as well"?
What bogs down and what is left "like it is"?
Exactly what is working so well?
Are you saying that you use cat-5 or cat-6 cables with only one
working pair to monitor an Ethernet? If so what are the brand and
model of your cheap hub, and what host hardware and software
(e.g. laptop) do you use?


>> Another trouble is that HDX Ethernet is CSMA/CD. The hub cannot
>> do much carrier sensing (CD) if its RX pair (or the host's TX pair)
>> is cut.

>
>That's not even a problem, that's an intended feature.


Is that an odd way of saying that a single-pair Ethernet TP cable
will not work at all on an HDX hub?
If so, what does that imply for the other person's design goal?
If a cheap hub that cannot auto-negotiate FDX because one pair is cut
falls back to HDX, and if HDX transmissions from the hub to the laptop
do not work without sensing carrier, what does that tell us?

(To be honest, I don't recall if the IEEE standard says a CSMA/CD
twisted pair, HDX hub should stop transmitting on the TX pair if
it does not sense carrier on the RX pair, and I'm too lazy to drag
out my copy or some other book such as Rich Seifert's to check.)


>>> Then you have to add some MAC flooding. This is exactly why I prefer some
>>> good old classical that you can put in between the line.

>>
>> How does one "add some MAC flooding" on a cheap hub with no management
>> facilities?

>
>Simply attach another computer that does the flooding. It could even be the
>compromised machine itself, since the sniffer can verify the existence of a
>stream of bogus ARP requests.


Oh, I thought a different notion was intended by "MAC flooding."
Doesn't this notion require that the hub not defend against that
attack by shutting down the port? Granted, that might be less
likely in a cheap hub.


Vernon Schryver vjs@rhyolite.com

#16  05-24-2007, 11:22 PM
Sebastian G.

Vernon Schryver wrote:

> In article <5bman7F2stdchU1@mid.dfncis.de>,
> Sebastian G. <seppi@seppig.de> wrote:
>
>> It's about a master firewall server continually advertising its presence to
>> a slave server without the latter being able to accidentally invoke any
>> malicious behaviour on the master server. State table changes are usually
>> transferred on a second line, which also can be Rx-only and made Rx+Tx on
>> demand (when a master server has to recover the state table from the slave
>> server).

>
> "Rx-only and made Rx+Tx on demand" is nonsense in this context.
> You cannot un-cut a wire "on demand," and so that stuff cannot be
> using Ethernet cables with one pair cut as proposed in this thread.



What about *replacing* the cable with another one? That's exactly the point.
You have replaced the defective master server, you exchange the cable with a
normal one, you have the master server recover its state from the slave
server, then you put the Rx-only cable back in place.

> Personally, I don't think much of the goal. If you can't trust your
> host software to honor your command to be passive while snooping on an
> Ethernet, then I don't think you can trust its monitoring.



So that's why they added an optional Rx-only patch to Linux... honestly,
this is not about trust, this is about reliability. Most systems simply are
not designed to fully deal with Rx-only network traffic, neither are easily
configurable in that way.

> It's not "portable" in a protocol sense unless your definition is
> limited to what is said in Redmond as demonstrated by the lack of
> hits for this URL:
> http://www.google.com/search?q=dhcp+...site%3Aisc.org



***? As I already said, the implementation is a matter of the TCP/IP stack
of the operating system, and as you already mentioned there are multiple ways
to trigger RIP or DHCP events.

Why exactly should ISC care?

(BTW, without a &safe=off&hl=en you might run into Google's censorship...)


>>> The problem is not only in the host but
>>> also in the hub. What does your cheap hub do when it sees no carrier
>>> on either pair? What if it is smart enough to automagically switch
>>> the TX and RX pairs in all sockets instead of having a single extra
>>> "uplink" socket, as is now common?

>> And as this fails as well, it bogs down to leaving it like it is.
>> And yes, my cheap hub doesn't try any such stupid stuff. That's exactly why
>> it works so well.

>
> What is the "this" that "fails as well"?



The negotiation with Tx and Rx switched. If it fails as well, the hub
assumes the normal order it has started the negotiation with.

> Are you saying that you use cat-5 or cat-6 cables with only one
> working pair to monitor an Ethernet?



Yes.

> If so what are the brand and model of your cheap hub,



Old no-name thing, model number seems to be HB-101. You know, very very old,
10TX-only and heating up very fast.

> and what host hardware and software (e.g. laptop) do you use?



FreeBSD and Wireshark. Now that's no mystery.

> If a cheap hub that cannot auto-negotiate FDX because one pair is cut
> falls back to HDX, and if HDX transmissions from the hub to the laptop
> do not work without sensing carrier, what does that tell us?



That you're wrong, it does work with HDX. Why shouldn't it? CSMA/CD doesn't
even get a share in this process.

> Oh, I thought a different notion was intended by "MAC flooding."
> Doesn't this notion require that the hub not defend against that
> attack by shutting down the port? Granted, that might be less
> likely in a cheap hub.


At any rate, what about simply placing a classical hub directly between the
other hub/switch/router/whatever and the machine?

#17  05-25-2007, 01:41 AM
Vernon Schryver

In article <5bml2bF2t5vupU1@mid.dfncis.de>,
Sebastian G. <seppi@seppig.de> wrote:

>> It's not "portable" in a protocol sense unless your definition is
>> limited to what is said in Redmond as demonstrated by the lack of
>> hits for this URL:
>> http://www.google.com/search?q=dhcp+...site%3Aisc.org

>
>***? As I already said, the implementation is a matter of the TCP/IP stack
>of the operating system, and as you already mentioned there are multiple ways
>to trigger RIP or DHCP events.
>
>Why exactly should ISC care?


Where is the primary place to look for documentation for the by far
most popular UNIX implementation of DHCP client and server?
If the documentation for dhcpd doesn't know about this "DHCP media sense
protocol," then it is probably neither very well known nor very portable.


>> Are you saying that you use cat-5 or cat-6 cables with only one
>> working pair to monitor an Ethernet?

>
>Yes.
>
>> If so what are the brand and model of your cheap hub,

>
>Old no-name thing, model number seems to be HB-101. You know, very very old,
>10TX-only and heating up very fast.
>
>> and what host hardware and software (e.g. laptop) do you use?

>
>FreeBSD and Wireshark. Now that's no mystery.


That simple report of personal experience, without the posturing
and efforts to show expertise that in fact suggested the opposite,
might do the other person some good. Ironically, it would also
have made the reporter appear more expert.

I doubt that report will do the other person any good for a bunch
of reasons. One is the modern difficulty of finding 10TX-only hubs.
(Yes, I have my own piles of junk old 10TX-only hubs, store-bought
cables, bulk cable, crimping tools, cat-5 RJ-45 plugs and sockets, old
computers with various Ethernet interfaces including yellow hose, etc.
From the other person's questions, I doubt the availability of equivalent
resources there.)


>> If a cheap hub that cannot auto-negotiate FDX because one pair is cut
>> falls back to HDX, and if HDX transmissions from the hub to the laptop
>> do not work without sensing carrier, what does that tell us?

>
>That you're wrong, it does work with HDX. Why shouldn't it? CSMA/CD doesn't
>even get a share in this process.


Doesn't that depend on whether the hub demands carrier sense to transmit?
I agree that Dan Lanciani's suggestion of a Y cable and yet another
hub or just another port on the original hub to fake carrier should work.


>At any rate, what about simply placing a classical hub directly between the
>other hub/switch/router/whatever and the machine?


If the network to be monitored is running at more than about 9.8 Mbit/sec,
then the classical hub and host using 10BASE-T will miss packets.


Vernon Schryver vjs@rhyolite.com

#18  05-29-2007, 06:00 AM
Martijn Lievaart

On Thu, 24 May 2007 22:56:22 +0000, Vernon Schryver wrote:

> Is that an odd way of saying that a single-pair Ethernet TP cable will
> not work at all on an HDX hub?
> If so, what does that imply for the other person's design goal? If a
> cheap hub that cannot auto-negotiate FDX because one pair is cut falls
> back to HDX, and if HDX transmissions from the hub to the laptop do not
> work without sensing carrier, what does that tell us?


I thought all hubs were HDX by definition. Does something like an FDX hub
really exist?

A hub forwards a frame to all its ports, except the one it is receiving
the frame on. What to do with a frame that comes in from one of those
other ports? It cannot send that to all the other ports as they are
already busy transmitting the original frame.

This can only work in the case of a store and forward architecture, but
that is also HDX by definition because of exactly the same problem, so
why bother?

Where do I go wrong in this picture? As you usually know what you're
talking about I assume I'm making a mistake somewhere here.

M4

#19  05-29-2007, 12:13 PM
Sebastian G.

Martijn Lievaart wrote:


> A hub forwards a frame to all its ports, except the one it is receiving
> the frame on. What to do with a frame that comes in from one of those
> other ports? It cannot send that to all the other ports as they are
> already busy transmitting the original frame.



It can. It will create an interference, the frame gets corrupted, CSMA/CD
resolves the issue.

  #20 (permalink)
Old 05-29-2007, 06:13 PM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Tue, 29 May 2007 14:13:11 +0200, Sebastian G. wrote:

> Martijn Lievaart wrote:
>
>
>> A hub forwards a frame to all its ports, except the one it is
>> receiving the frame on. What to do with a frame that comes in from one
>> of those other ports? It cannot send that to all the other ports as
>> they are already busy transmitting the original frame.

>
>
> It can. It will create an interference, the frame gets corrupted,
> CSMA/CD resolves the issue.


That is not very useful is it? Besides, in practice that is HDX.

I'm not completely sure what happens then. On a coax cable someone will
send a jam signal, but on a hub?

If the intended receiver sends back a frame to the sender, and that
sender gets that frame FDX, while all other clients see a collision, and
that has no further consequences, yes, that might work. But somehow I
doubt if it really works that way. Someone who knows?

M4

  #21 (permalink)
Old 05-29-2007, 06:37 PM
Rick Jones
Default Re: Low Cost Hub With Read-Only Ports?

Ethernet "hubs" - or in olderspeak multiport repeaters - are simply
physical layer devices and are by definition half duplex. An attempt
to transmit simultaneously by any two or more stations connected to
the hub will result in a collision and the rest of the normal CSMA/CD
behaviour.

Ethernet "switches" - or in olderspeak multiport bridges - are
data-link layer devices and can operate their ports either half-duplex
or full duplex. If two stations connected to a switch both attempt to
transmit to the same third station and everyone is full duplex,
the switch will generally have some buffering to hold the traffic
which would have otherwise "collided". If that buffering is exhausted,
then the switch will simply discard the frame. (Well, before the IEEE
started adding flow-control to Ethernet, in part I suspect because the
natural flow-control of CSMA/CD was lost when everything went
full-duplex :)

If you see a name where the two terms are combined, it is usually the
result of marketroid interference and is otherwise a misnomer.

rick jones
--
firebug n, the idiot who tosses a lit cigarette out his car window
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  #22 (permalink)
Old 05-29-2007, 06:56 PM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Tue, 29 May 2007 18:37:20 +0000, Rick Jones wrote:

> Ethernet "hubs" - or in olderspeak multiport repeaters - are simply
> physical layer devices and are by definition half duplex. An attempt to
> transmit simultaneously by any two or more stations connected to the hub
> will result in a collision and the rest of the normal CSMA/CD behaviour.


That is what I thought as well.

(snip)

>
> If you see a name where the two terms are combined, it is usually the
> result of marketroid interference and is otherwise a misnomer.


Well, I don't think Vernon enjoys being accused of marketroid
interference :-), he was the one to bring up FDX hubs and he usually
knows what he is talking about.

Guess it's all a red herring and a hub is HDX. Period.

M4

  #23 (permalink)
Old 05-29-2007, 07:11 PM
Vernon Schryver
Default Re: Low Cost Hub With Read-Only Ports?

In article <pan.2007.05.29.18.57.05@rtij.nl.invlalid>,
Martijn Lievaart <m@rtij.nl.invlalid> wrote:

>> If you see a name where the two terms are combined, it is usually the
>> result of marketroid interference and is otherwise a misnomer.


The language for Ethernet has been hopelessly corrupted by marketroids.
Even the IEEE has joined the dark side by applying "Ethernet" to link
layers that have nothing to do with CSMA/CD.


>Well, I don't think Vernon enjoys being accused of marketroid
>interference :-), he was the one to bring up FDX hubs and he usually
>knows what he is talking about.
>
>Guess it's all a red herring and a hub is HDX. Period.


When writing for netnews, you can nod to the old, correct terms,
but if you want to be understood by (or helpful to) most readers,
you must use the words they encounter in the trade rags and stores
and from their friends.

If you try to buy an "Ethernet hub" at a retail store, you will probably
leave with a device that automatically handles connections to hosts and
at least one other "hub" and a mixture of 10 and 100 MHz. It might
even lack a special "uplink" socket with the TX and RX pairs swapped
but instead switch pairs on any socket automagically. Only if you shop
at a used equipment dealer can you hope to find a real 10-BASE T hub.

We recognize "10/100 hubs" as multi-port bridges, but if you try to buy
any sort of "bridge" at the retail store, you are likely to be disappointed.

If you try to buy an "Ethernet repeater," you might get some flavor of
802.11 device that acts like a 2 port Ethernet bridge and is neither
what the radio people used to call "repeaters" nor what the IEEE 802.3
standards called "repeaters."


Vernon Schryver vjs@rhyolite.com

  #24 (permalink)
Old 05-30-2007, 08:06 AM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Tue, 29 May 2007 19:11:45 +0000, Vernon Schryver wrote:

>>Guess it's all a red herring and a hub is HDX. Period.

>
> When writing for netnews, you can nod to the old, correct terms, but if
> you want to be understood by (or helpful to) most readers, you must use
> the words they encounter in the trade rags and stores and from their
> friends.


True, but can a 10/100 multiport bridge be FDX or is it always HDX? That
was my question. I still fail to see how it can be FDX except in very
specific circumstances (which may still make sense). (I do see how a 2
port bridge can be FDX).

Even if it is theoretically possible, are/were those really made?

(Note that this is not an entirely academic question, I do encounter
"hubs" on our network on an almost daily basis. These are always
connected to switchports that are set to 10/HDX on one end and devices
that are set to auto/auto on the other end. We never encountered any
problems, but I want to be prepared).

>
> If you try to buy an "Ethernet hub" at a retail store, you will probably
> leave with a device that automatically handles connections to hosts and
> at least one other "hub" and a mixture of 10 and 100 MHz. It might
> even lack a special "uplink" socket with the TX and RX pairs swapped but
> instead switch pairs on any socket automagically. Only if you shop at a
> used equipment dealer can you hope to find a real 10-BASE T hub.


I still have several, especially for sniffing (but I never tried a rx-
only cable). As I have several 10/100 bridges.

> We recognize "10/100 hubs" as multi-port bridges, but if you try to buy
> any sort of "bridge" at the retail store, you are likely to be
> disappointed.


Yes, these are generally not on sale anymore :-)

> If you try to buy an "Ethernet repeater," you might get some flavor of
> 802.11 device that acts like a 2 port Ethernet bridge and is neither
> what the radio people used to call "repeaters" nor what the IEEE 802.3
> standards called "repeaters."


Interesting. Yes, IIRC the original repeaters were plain amplifiers. IIRC
(again) thick and thin ethernet both could do a certain length (1,5Km?
900mtrs?) based on the RTT of the frame, but needed amplification to
achieve those lengths.

Nowadays one can buy ethernet 10base-whatever repeaters (I DON'T mean
802.11 repeaters, I work with those daily and if I never see another one
it's way too late). I guess those repeaters are really just 2 port
bridges/switches. Is this correct?

TIA,
M4

  #25 (permalink)
Old 05-30-2007, 02:35 PM
Vernon Schryver
Default Re: Low Cost Hub With Read-Only Ports?

In article <pan.2007.05.30.08.06.35@rtij.nl.invlalid>,
Martijn Lievaart <m@rtij.nl.invlalid> wrote:

>True, but can a 10/100 multiport bridge be FDX or is it always HDX? That
>was my question. I still fail to see how it can be FDX except in very
>specific circumstances (which may still make sense). (I do see how a 2
>port bridge can be FDX).


Why can't a bridge be full duplex as readily as a host? A major purpose
of the original bridges was to break up a collision domain, so that two
hosts could transmit at the same time without colliding. To make that
possible, a bridge has buffers for packets and generally acts like an
IP router but at the link layer. Instead of looking at IP addresses
and using static routes, RIP or some other IP routing protocol, an
Ethernet bridge looks at 48-bit Ethernet MAC addresses and uses static
routes, "learning," or Spanning Tree as the routing protocol.

>Even if it is theoretically possible, are/were those really made?


I think all of the boxes you find with
http://www.google.com/search?q=10%2F100+hub
are (or can be used as) FDX.

The fundamental CSMA/CD limits are specified in bits even at 100 MHz.
A 10 MHz Ethernet required all stations to be within 500 meters of each
other. At 100 MHz, the size of a collision domain shrinks to 50 meters.
That shrink to such a physically tiny network is why everyone was willing
to pay the costs of having 100 MHz hubs be vastly more complex multi-port
bridges that could be full duplex (FDX) instead of classic repeaters.
10 MHz 10BASE-T hubs were merely multi-port repeaters. As bits came
in on one twisted pair cable, they were pumped out on all other cables.


>(again) thick and thin ethernet both could do a certain length (1,5Km?
>900mtrs?) based on the RTT of the frame, but needed amplification to
>achieve those lengths.


The CSMA/CD distance limit is that no two stations can be separated by
more than one slot time or the time required to send 64 bytes. When
two stations start transmitting at about the same time, both must hear
the other and so know about their collision during the first 64 bytes or
512 bits of the frame.


Vernon Schryver vjs@rhyolite.com

  #26 (permalink)
Old 05-30-2007, 05:18 PM
Rick Jones
Default Re: Low Cost Hub With Read-Only Ports?

> True, but can a 10/100 multiport bridge be FDX or is it always HDX?

A 10/100 multiport bridge can be FDX. It is, after all, not a "hub" :)
Not likely to do FDX at 10 since little legacy 10 mbit/s kit grokked
FDX.

rick jones
--
a wide gulf separates "what if" from "if only"
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

  #27 (permalink)
Old 05-30-2007, 07:36 PM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Wed, 30 May 2007 14:35:00 +0000, Vernon Schryver wrote:

> In article <pan.2007.05.30.08.06.35@rtij.nl.invlalid>, Martijn Lievaart
> <m@rtij.nl.invlalid> wrote:
>
>>True, but can a 10/100 multiport bridge be FDX or is it always HDX?
>>That was my question. I still fail to see how it can be FDX except in
>>very specific circumstances (which may still make sense). (I do see how
>>a 2 port bridge can be FDX).

>
> Why can't a bridge be full duplex as readily as a host? A major purpose of
> the original bridges was to break up a collision domain, so that two
> hosts could transmit at the same time without colliding. To make that


That's news to me. When I did (postgraduate) classes on networking
(admittedly a looong time ago), there was only talk about bridging
different topologies together.

> possible, a bridge has buffers for packets and generally acts like an IP
> router but at the link layer. Instead of looking at IP addresses and
> using static routes, RIP or some other IP routing protocol, an Ethernet
> bridge looks at 48-bit Ethernet MAC addresses and uses static routes,
> "learning," or Spanning Tree as the routing protocol.


That description describes indeed a possible 10/100 ethernet bridge.
However, I would call that a switch.

So my question was maybe improperly phrased. Let me rephrase. Can any
10/100 ethernet "hub" (which really is a bridge, but is sold as a hub) be
FDX?

>
>>Even if it is theoretically possible, are/were those really made?

>
> I think all of the boxes you find with
> http://www.google.com/search?q=10%2F100+hub are (or can be used as) FDX.


Actually they cannot. The better brands (f.i. Cisco) do note that. Even
if it is only implicit (Intel) where it is noted that the stack-link *is*
full duplex. The cheaper brands do not talk about duplex at all. The only
exceptions are some switches which are improperly labeled as a hub.

For even more interesting reading, try
http://www.google.com/search?q=10%2F100+hub+duplex

That leads to a.o. http://wiki.wireshark.org/HubReference that cleared up
a lot for me:

] Dual-speed hub warning
]
] Note that "dual-speed" hubs that support both 10MBit and 100MBit ports
] might not send all unicast traffic between 10MBit and 100MBit ports; if
] so, you can only capture all traffic between hosts whose Ethernet
] interfaces are both running at the same speed as the Ethernet interface
] on the machine capturing traffic.
]
] This means that if you have two hosts communicating at 100MBit/s, you
] will only be able to capture the traffic between them if the Ethernet
] interface of the machine capturing traffic is configured for 100MBit/s.
] Similarly, if you have two hosts communicating at 10MBit/s, you will
] only be able to capture the traffic between them if the Ethernet
] interface of the machine capturing traffic is configured for 10MBit/s,
] which is probably not the default configuration.
]
] Some dual-speed hubs don't connect the 10MBit and 100MBit ports at all;
] with those hubs, two hosts whose Ethernet interfaces are running at
] different speeds will not be able to communicate, so there's no traffic
] between hosts of different speeds, and thus no traffic between them to
] capture.

] Other dual-speed hubs have an internal switch connecting the 10MBit and
] 100 Mbit ports, so that only broadcast and multicast traffic, and
] unicast traffic to the host on a particular port, will be sent to that
] port if the traffic comes from a port with a different speed; with
] those hubs, two hosts whose Ethernet interfaces are running at
] different speeds will be able to communicate.
]
] If you have a dual-speed hub with an internal switch, it means that if
] you have a 10MBit host communicating with a 100MBit host, you will only
] be able to see one direction of that traffic; you will only see the
] traffic from the 10MBit host if the interface of the machine capturing
] traffic is configured for 10Mbit/s, and you will only see the traffic
] from the 100 Mbit host if the interface of the machine capturing
] traffic is configured for 100MBit/s.

So although theoretically one could devise a multiport 10/100 bridge that
is not a switch, it seems that in practice most (all?) models are
implemented as two collision domains connected by a switch/bridge (and
some magic to connect the correct port to the correct collision domain).
Which means they are HDX by definition on either collision domain.

It probably would be theoretically possible to "speak" full duplex
between a host on the 10Mb segment and one on the 100 Mb segment.
However, all devices I looked at did autosensing, not autonegotiation, so
only implement HDX.

> The fundamental CSMA/CD limits are specified in bits even at 100 MHz. A
> 10 MHz Ethernet required all stations to be within 500 meters of each


Not completely correct. With 10base5, the maximum segment length is 500
meters. I could not find what the maximum collision domain length is,
although 802.3 allows for a maximum of 4 repeaters (which would mean 2Km,
which seems a bit much to me, but does somewhat coincide with my
recollection of 1,5Km)

With 10base2, the maximum length is 185 meters for a segment which can be
expanded to around 900 meters with repeaters. For 10base-T, the maximum
length is unspecified, but is expected to be around 100 meters on average
cabling, up to 150 meters on good cabling. Again, this can be extended
with up to 4 repeaters.

> other. At 100 MHz, the size of a collision domain shrinks to 50 meters.


100base-T has a maximum segment length of 100 meters, and I think a
maximum collision domain of 500 meters.

> That shrink to such a physically tiny network is why everyone was
> willing to pay the costs of having 100 MHz hubs be vastly more complex
> multi-port bridges that could be full duplex (FDX) instead of classic


You lost me here. You are talking about switches, not?

> repeaters. 10 MHz 10BASE-T hubs were merely multi-port repeaters. As
> bits came in on one twisted pair cable, they were pumped out on all
> other cables.
>
>
>>(again) thick and thin ethernet both could do a certain length (1,5Km?
>>900mtrs?) based on the RTT of the frame, but needed amplification to
>>achieve those lengths.

>
> The CSMA/CD distance limit is that no two stations can be separated by
> more than one slot time or the time required to send 64 bytes. When two
> stations start transmitting at about the same time, both must hear the
> other and so know about their collision during the first 64 bytes or 512
> bits of the frame.


Yes that was it. However, that limits the collision domain, not the
maximum segment limit, which is determined by electrical limitations.
Hence the use of repeaters.

M4
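
The dual-speed hub behaviour quoted from the Wireshark wiki in the post above, as an added example that is not part of the thread: a small Python model of which frames reach a passive capture port on a true repeater, on a dual-speed hub with an internal switch, and on a switch. The MAC addresses, port names and traffic list are constructed, and flooding of unicast frames to unknown destinations is an assumption of the model.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Port:
    mac: str    # MAC of the attached host; "" for the passive capture port
    speed: int  # link speed in Mbit/s: 10 or 100

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str

def is_group(mac):
    """True for broadcast/multicast: the low bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def egress(kind, ports, frame):
    """Return the names of the ports on which `frame` is transmitted."""
    if kind not in ("repeater", "switch", "dual_speed"):
        raise ValueError(f"unknown device kind: {kind}")
    in_name = next(n for n, p in ports.items() if p.mac == frame.src)
    in_speed = ports[in_name].speed
    known = any(p.mac == frame.dst for p in ports.values())
    # Model assumption: a unicast frame for an unknown MAC is flooded.
    flood = is_group(frame.dst) or not known
    out = set()
    for name, port in ports.items():
        if name == in_name:
            continue
        addressed = flood or port.mac == frame.dst
        if kind == "repeater":
            # Physical-layer repeater: every bit goes out of every other port
            # (port speed is ignored; a true repeater runs at a single speed).
            out.add(name)
        elif kind == "switch" and addressed:
            # Multi-port bridge: only the destination port, or all when flooding.
            out.add(name)
        elif kind == "dual_speed" and (port.speed == in_speed or addressed):
            # Repeated within the ingress speed group, switched across groups.
            out.add(name)
    return out

def capture(kind, ports, traffic, sniffer="sniffer"):
    """Frames from `traffic` that the passive capture port would receive."""
    return [f for f in traffic if sniffer in egress(kind, ports, f)]

# Constructed sample: host A links at 10 Mbit/s, hosts B and C at 100 Mbit/s.
A = "02:00:00:00:00:0a"
B = "02:00:00:00:00:0b"
C = "02:00:00:00:00:0c"

def sample_ports(sniffer_speed):
    return {
        "p1": Port(A, 10),
        "p2": Port(B, 100),
        "p3": Port(C, 100),
        "sniffer": Port("", sniffer_speed),
    }

TRAFFIC = [
    Frame(A, B), Frame(B, A),   # conversation across the speed boundary
    Frame(B, C), Frame(C, B),   # conversation inside the 100 Mbit/s group
    Frame(A, BROADCAST),        # e.g. an ARP request
]

if __name__ == "__main__":
    for kind, speed in [("repeater", 10), ("dual_speed", 10),
                        ("dual_speed", 100), ("switch", 100)]:
        seen = capture(kind, sample_ports(speed), TRAFFIC)
        print(f"{kind:10s} capture port at {speed:3d}: {len(seen)} of "
              f"{len(TRAFFIC)} frames")
        for f in seen:
            print(f"    {f.src} -> {f.dst}")
```

In this model the capture port on the dual-speed device records only one direction of the A/B conversation, whichever speed it links at, so an incomplete capture can come from the monitoring hardware rather than from the monitored host.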

  #28 (permalink)
Old 05-30-2007, 07:37 PM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Wed, 30 May 2007 17:18:00 +0000, Rick Jones wrote:

>> True, but can a 10/100 multiport bridge be FDX or is it always HDX?

>
> A 10/100 multiport bridge can be FDX. It is, after all, not a "hub" :)
> Not likely to do FDX at 10 since little legacy 10 mbit/s kit grokked FDX.


See my answer to Vernon. I now think that in practice, any 10/100
multiport bridge, which is not a switch, is HDX. There may have been
other implementations, but I have been unable to find them.

M4

  #29 (permalink)
Old 05-30-2007, 10:47 PM
Vernon Schryver
Default Re: Low Cost Hub With Read-Only Ports?

In article <pan.2007.05.30.19.36.26@rtij.nl.invlalid>,
Martijn Lievaart <m@rtij.nl.invlalid> wrote:

>> Why can't a bridge be full duplex as readily as a host? A major purpose of
>> the original bridges was to break up a collision domain, so that two
>> hosts could transmit at the same time without colliding. To make that

>
>That's news to me. When I did (postgraduate) classes on networking
>(admittedly a looong time ago), there was only talk about bridging
>different topologies together.


I'm not absolutely certain, but I think Digital, Bridge, and 3Com
Ethernet bridges predated bridging token rings and Ethernets. See
http://www.google.com/search?q=3com+history
http://www.google.com/search?q=decnet+collision+domain
http://www.google.com/search?q=decne...roadcast+storm


>> possible, a bridge has buffers for packets and generally acts like an IP
>> router but at the link layer. Instead of looking at IP addresses and
>> using static routes, RIP or some other IP routing protocol, an Ethernet
>> bridge looks at 48-bit Ethernet MAC addresses and uses static routes,
>> "learning," or Spanning Tree as the routing protocol.

>
>That description describes indeed a possible 10/100 ethernet bridge.
>However, I would call that a switch.


Old timers who are not marketoons and did not learn everything they
"know" from salescritters and the trade rags know that "switch" was
marketspeak first used to describe a brand of dumb multi-port bridges
with cut-through routing. They were so dumb that they were dangerous,
because they did not do spanning tree. The instructions cautioned
against using them in topologies with redundant links because that would
create loops in which packets would circulate forever and (virtually)
melt networks. I know of a company whose know-everything-because-they-read-
the-trade-rags-and-had-friends-who-were-sales-people network experts
bought a bunch of the first "switches," ignored that caution, created
loops, (virtually) melted networks, and then threw out Kalpana as an
evil vendor instead of admitting that they didn't know or understand
as much as they told to their bosses.

Cut-through routing is starting to transmit a packet before it has
finished arriving. If you do that between CSMA/CD networks before the
end of the first slot time, you forward collision fragments and waste
bandwidth. If you delay 64 byte-times until after the first slot time,
you waste some but less bandwidth by forwarding packets with bad
checksums. Cut-through routing can help benchmark throughput numbers
for hosts and/or protocols with too little buffering (e.g. TCP window too
small), which is why trade-rag-educated experts leaped to buy Kalpana
"switches" when they first appeared.


>So my question was maybe improperly phrased. Let me rephrase. Can any
>10/100 ethernet "hub" (which really is a bridge, but is sold as a hub) be
>FDX?


I don't see a significant difference in phrasing. Judging from
http://www.hp.com/rnd/support/faqs/1....htm#question9
I am wrong and some 10/100 hubs could not do 100 FDX.

>> I think all of the boxes you find with
>> http://www.google.com/search?q=10%2F100+hub are (or can be used as) FDX.

>
>Actually they cannot. The better brands (f.i. Cisco) do note that.


Where in the first hit for that URL,
http://www.cisco.com/en/US/products/...080091e3b.html
is the mention of not handling full duplex? It does say
Eight 10BaseT/100BaseTX autosensing ports with internal bridging

The Linksys 10/100 hub at my elbow with the CiscoSystems logo has
autonegotiated 100 MHz full duplex (FDX) with some of my boxes. True,
it does say it is a "10/100 8-port Workgroup Switch Model EZXS88W"
instead of "hub," but I bought it years ago in the "hub" aisle of a
retail electronics store for next to nothing. The current street price
is less than $29 or less than the price of 8 jumper cables. The 5 port
EZXS55W is selling for less than $20. That is almost literally dirt
cheap or not much more than the bags of potting soil I bought this spring.


> Even
>if it is only implicit (Intel) where it is noted that the stack-link *is*
>full duplex. The cheaper brands do not talk about duplex at all.


Are you sure that's not because no one buys true hubs any more, because
the difference in cost between silicon that is a multi-port bridge
("switch") and silicon that is a classic 802.3 repeater ("hub") is too
low to justify making the repeater? Looking at
http://www.cisco.com/en/US/products/index.html
I see "switches" but no "hubs" among the links. Searching for "10/100
hub" I found only ancient products that have been "end of lifed" such as
http://www.cisco.com/en/US/products/...209/index.html


> The cheaper brands do not talk about duplex at all. The only
>exceptions are some switches which are improperly labeled as a hub.


I'm having trouble understanding that. I've been saying that essentially
all current 10/100 "hubs" are really multi-port bridges. That they may
be improperly labelled does not seem exciting, particularly in a
conversation where the bogus term "switch" is used heavily.


>That leads to a.o. http://wiki.wireshark.org/HubReference that cleared up


>] Some dual-speed hubs don't connect the 10MBit and 100MBit ports at all;
>] with those hubs, two hosts whose Ethernet interfaces are running at
>] different speeds will not be able to communicate, so there's no traffic
>] between hosts of different speeds, and thus no traffic between them to
>] capture.


Given any sort of incredibly mis-designed junk you can imagine, if you
look hard enough you can probably find both vendors and buyers. However,
would you buy a 10/100 connecting box that did not connect the 10 and
100 MHz networks?

>So although theoretically one could devise a multiport 10/100 bridge that
>is not a switch, it seems that in practice most (all?) models are
>implemented as two collision domains connected by a switch/bridge (and
>some magic to connect the correct port to the correct collision domain).
>Which means they are HDX by definition on either collision domain.


How do you get "in practice most" from that wireshark.org article? I
would agree with "some at one time" and perhaps even "many long ago,"
but not "most today" without some marketshare numbers. That $30 8-port
Cisco box at my elbow would keep me from agreeing with "all" regardless.


>It probably would be theoretically possible to "speak" full duplex
>between a host on the 10Mb segment and one on the 100 Mb segment.
>However, all devices I looked at did autosensing, not autonegotiation, so
>only implement HDX.


What if you look at boxes that do autonegotiation? What if you look
at boxes that have not been end-of-lifed?


>> The fundamental CSMA/CD limits are specified in bits even at 100 MHz. A
>> 10 MHz Ethernet required all stations to be within 500 meters of each

>
>Not completely correct. With 10base5, the maximum segment length is 500
>meters. I could not find what the maximum collision domain length is,
>although 802.3 allows for a maximum of 4 repeaters (which would mean 2Km,
>which seems a bit much to me, but does somewhat coincide with my
>recollection of 1,5Km)


Yes, I'm wrong about that too. I was "thinking" about a purely bogus speed
of light. As 4.1.2.2 of IEEE Std 802.3-1985 says:

... A given station can experience a collision during the initial
part of its transmission (the collision window) before its transmitted
signal has had time to propagate to all stations on the CSMA/CD
medium. Once the collision window has passed, a transmitting station
is said to have acquired the medium; subsequent collisions are avoided
since all other (properly functioning) stations can be assumed to have
noticed the signal (by way of carrier sense) and to be deferring to it.

Section 8.6.1 assumes a speed of light of 0.77 c and a maximum end-to-end
propagation delay of 2570 ns. So a round trip is 5.14 microseconds or
about what you'd expect with a slot time of 512 bits and the frame preamble.
Figure 8-10 shows a "Maximum Transmission Path" involving 5 segments
of coax, each presumably the maximum of 500 meters given in section 8.6.1.
That's a total of 2500 meters.

>> other. At 100 MHz, the size of a collision domain shrinks to 50 meters.

>
>100base-T has a maximum segment length of 100 meters, and I think a
>maximum collision domain of 500 meters.


We're both wrong. At 10 times the bit rate, the slot time has 10% as
many microseconds, and so the speed of light limits a 100 MHz collision
domain to 250 meters.


>> That shrink to such a physically tiny network is why everyone was
>> willing to pay the costs of having 100 MHz hubs be vastly more complex
>> multi-port bridges that could be full duplex (FDX) instead of classic

>
>You lost me here. You are talking about switches, not?


Again, "switch" is old market-speak for "you must buy my fast multi-port
bridge."


Vernon Schryver vjs@rhyolite.com

  #30 (permalink)
Old 05-31-2007, 08:40 AM
Martijn Lievaart
Default Re: Low Cost Hub With Read-Only Ports?

On Wed, 30 May 2007 22:47:08 +0000, Vernon Schryver wrote:

> In article <pan.2007.05.30.19.36.26@rtij.nl.invlalid>, Martijn Lievaart
> <m@rtij.nl.invlalid> wrote:
>
>>> possible, a bridge has buffers for packets and generally acts like an
>>> IP router but at the link layer. Instead of looking at IP addresses
>>> and using static routes, RIP or some other IP routing protocol, an
>>> Ethernet bridge looks at 48-bit Ethernet MAC addresses and uses static
>>> routes, "learning," or Spanning Tree as the routing protocol.

>>
>>That description describes indeed a possible 10/100 ethernet bridge.
>>However, I would call that a switch.

>
> Old timers who are not marketoons and did not learn everything they
> "know" from salescritters and the trade rags know that "switch" was
> marketspeak first used to describe a brand of dumb multi-port bridges
> with cut-through routing. They were so dumb that they were dangerous,
> because they did not do spanning tree. The instructions cautioned
> against using them in topologies with redundant links because that would
> create loops in which packets would circulate forever and (virtually)
> melt networks. I know of a company whose
> know-everything-because-they-read-
> the-trade-rags-and-had-friends-who-were-sales-people network experts
> bought a bunch of the first "switches," ignored that caution, created
> loops, (virtually) melted networks, and then threw out Kalpana as an
> evil vendor instead of admitting that they didn't know or understand as
> much as they told to their bosses.


Yes, that is a well known story. I wonder if this did actually happen to
a number of companies, as the story is rather too well known. :-)

>
> Cut-through routing is starting to transmit a packet before it has
> finished arriving. If you do that between CSMA/CD networks before the
> end of the first slot time, you forward collision fragments and waste
> bandwidth. If you delay 64 byte-times until after the first slot time,
> you waste some but less bandwidth by forwarding packets with bad
> checksums. Cut-through routing can help benchmark throughput numbers
> for hosts and/or protocols with too little buffering (e.g. TCP window too
> small), which is why trade-rag-educated experts leaped to buy Kalpana
> "switches" when they first appeared.


Learn something every day. Thx.

>>> I think all of the boxes you find with
>>> http://www.google.com/search?q=10%2F100+hub are (or can be used as)
>>> FDX.

>>
>>Actually they cannot. The better brands (f.i. Cisco) do note that.

>
> Where in the first hit for that URL,
> http://www.cisco.com/en/US/products/hw/hubcont/ps209/products_data_sheet09186a0080091e3b.html
> is the mention of not handling full duplex? It does say
> Eight 10BaseT/100BaseTX autosensing ports with internal bridging


I get a different first hit, and got yet another one yesterday. However,
in the manual it is mentioned (although for this model implicitly). I
did not say every page found on this search mentions this.

>
> The Linksys 10/100 hub at my elbow with the CiscoSystems logo has
> autonegotiated 100 MHz full duplex (FDX) with some of my boxes. True,
> it does say it is a "10/100 8-port Workgroup Switch Model EZXS88W"
> instead of "hub," but I bought it years ago in the "hub" aisle of a
> retail electronics store for next to nothing. The current street price
> is less than $29 or less than the price of 8 jumper cables. The 5 port
> EZXS55W is selling for less than $20. That is almost literally dirt
> cheap or not much more than the bags of potting soil I bought this
> spring.


OK. That one is found through that search, however, it IS a switch, even
if it is branded as a hub.

>> Even
>>if it is only implicit (Intel) where it is noted that the stack-link
>>*is* full duplex. The cheaper brands do not talk about duplex at all.

>
> Are you sure that's not because no one buys true hubs any more, because
> the difference in cost between silicon that is a multi-port bridge
> ("switch") and silicon that is a classic 802.3 repeater ("hub") is too
> low to justify making the repeater? Looking at
> http://www.cisco.com/en/US/products/index.html I see "switches" but no
> "hubs" among the links. Searching for "10/100 hub" I found only ancient
> products that have been "end of lifed" such as
> http://www.cisco.com/en/US/products/...209/index.html


That may be part of it, but I looked at the specs of the first 5 or so
hubs (all of them discontinued) I could find through Google.

>
>
>> The cheaper brands do not talk about duplex at all. The only
>>exceptions are some switches which are improperly labeled as a hub.

>
> I'm having trouble understanding that. I've been saying that
> essentially all current 10/100 "hubs" are really multi-port bridges.


No, I don't agree. Most 10/100 hubs are two hubs with a two port switch
or bridge between them (is there a difference between a switch and a
bridge when there are only two ports?). That is not what I would call a
multiport bridge in the technical sense, even if you can call it a
bridge. Just not a multiport bridge.

A true multiport bridge bridges between all ports, so a 10/100 switch is
a multiport bridge.

> That they may be improperly labelled does not seem exciting,
> particularly in a conversation where the bogus term "switch" is used
> heavily.


What is bogus about the term switch? It's pretty well defined I think.
Depending on your definition of bridge (which is much less well defined
in my eyes) a switch can be a bridge, but doesn't have to be.

But even if you define bridge in such a way that all switches are
bridges, the term switch defines a certain subset of bridges. See below.

>
>>That leads to a.o. http://wiki.wireshark.org/HubReference that cleared up

>
>>] Some dual-speed hubs don't connect the 10MBit and 100MBit ports at all;
>>] with those hubs, two hosts whose Ethernet interfaces are running at
>>] different speeds will not be able to communicate, so there's no traffic
>>] between hosts of different speeds, and thus no traffic between them to
>>] capture.

>
> Given any sort of incredibly mis-designed junk you can imagine, if you
> look hard enough you can probably find both vendors and buyers.
> However, would you buy a 10/100 connecting box that did not connect the
> 10 and 100 MHz networks?


Apparently some people did, and I'm not in the least surprised. People
also run unpatched qmails, and still rave about barracudas. Shrug,
whatever, I'll combat such stupidity at current $ORK first before
worrying about that.

>
>>So although theoretically one could devise a multiport 10/100 bridge
>>that is not a switch, it seems that in practice most (all?) models are
>>implemented as two collision domains connected by a switch/bridge (and
>>some magic to connect the correct port to the correct collision domain).
>>Which means they are HDX by definition on either collision domain.

>
> How do you get "in practice most" from that wireshark.org article? I


From all the above, not just that article.

> would agree with "some at one time" and perhaps even "many long ago,"
> but not "most today" without some marketshare numbers. That $30 8-port


For starters, empirical evidence. How many 10/100 hubs did you see in the
past year? How many of those were not two collision domains switched/bridged
together? (Yes I looked up several 10/100 hubs I have handy here
on Google (and no, these are not all soho hubs, in fact most aren't)).

Then there is the evidence by searching Google for 10/100 hubs.

Lastly, searching Google seems to imply that these kinds of 10/100 hubs
were the cheapest to make at the time these devices were popular, which
ties in with all the other evidence.

No, not statistical evidence. Yet my initial question is mostly answered
by now.

> Cisco box at my elbow would keep me from agreeing with "all" regardless.


Which Cisco box? That Linksys switch which is only labeled hub, but
really is a switch?

>>It probably would be theoretically possible to "speak" full duplex
>>between a host on the 10Mb segment and one on the 100 Mb segment.
>>However, all devices I looked at did autosensing, not autonegotiation,
>>so only implement HDX.

>
> What if you look at boxes that do autonegotiation? What if you look at
> boxes that have not been end-of-lifed?


Do you have any examples of that? I could not find any. Note the context,
two collision domains that are bridged/switched.

> Section 8.6.1 assumes a speed of light of 0.77 c and a maximum end-to-end
> propagation delay of 2570 ns. So a round trip is 5.14 microseconds or
> about what you'd expect with a slot time of 512 bits and the frame
> preamble. Figure 8-10 shows a "Maximum Transmission Path" involving 5
> segments of coax, each presumably the maximum of 500 meters given in
> section 8.6.1. That's a total of 2500 meters.


Raagh, Martijn think before you type. 500 meter times 4 repeaters is
indeed 2500 meters, not 2000. Thanks for the correction.

>
>>> other. At 100 MHz, the size of a collision domain shrinks to 50
>>> meters.

>>
>>100base-T has a maximum segment length of 100 meters, and I think a
>>maximum collision domain of 500 meters.

>
> We're both wrong. At 10 times the bit rate, the slot time has 10% as
> many microseconds, and so the speed of light limits a 100 MHz collision
> domain to 250 meters.


Check. Should have figured that out myself.

>
>
>>> That shrink to such a physically tiny network is why everyone was
>>> willing to pay the costs of having 100 MHz hubs be vastly more complex
>>> multi-port bridges that could be full duplex (FDX) instead classic

>>
>>You lost me here. You are talking about switches, not?

>
> Again, "switch" is old market-speak for "you must buy my fast multi-port
> bridge."


So all multi-port bridges are switches? What is wrong with the term
switch? I don't think it's marketoid speak. It's a classification of a
certain category of devices which can be bridges (bridging between
dissimilar media), but don't have to be. The main characteristic of
switches is that they forward frames only to the intended destination
instead of to all ports when the port the destination is on is known.

I'd be interested to know why you dislike the term switch. The fact that
marketroids have labeled devices as switches that really aren't, does not
take away the well established technical meaning of the word switch.
Which is different from the technical meaning of the word bridge. And
yes, those two overlap.

M4
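
The dual-speed hub layout discussed in this post (two repeaters joined by a two-port bridge) decides what a sniffer plugged into such a box can capture. The Python model below is an added example, not part of any poster's message; the class, port names and MAC addresses are constructed, and it assumes a standard learning bridge and a sniffer in promiscuous mode.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class DualSpeedHub:
    """Two repeaters (10 and 100 Mbit/s) joined by a 2-port learning bridge."""

    def __init__(self, bridged=True):
        self.bridged = bridged   # False: model with no link between the segments
        self.ports = {}          # port name -> segment speed (10 or 100)
        self.table = {}          # bridge table: source MAC -> segment speed
        self.seen = {}           # port name -> frames delivered to that port

    def attach(self, port, speed):
        self.ports[port] = speed
        self.seen[port] = []

    def _repeat(self, segment, frame, skip=None):
        # A repeater copies the frame to every other port on its segment.
        for port, speed in self.ports.items():
            if speed == segment and port != skip:
                self.seen[port].append(frame)

    def send(self, port, src, dst, note):
        segment = self.ports[port]
        other = 100 if segment == 10 else 10
        frame = (src, dst, note)
        self.table[src] = segment            # bridge learns where src lives
        self._repeat(segment, frame, skip=port)
        # Bridge forwards broadcasts, unknown destinations, and destinations
        # learned on the far side; it filters frames that stay local.
        if self.bridged and (dst == BROADCAST or self.table.get(dst, other) == other):
            self._repeat(other, frame)

def capture_visibility(host_speed, uplink_speed, sniffer_speed, bridged=True):
    """Return the notes of the frames a promiscuous sniffer port receives."""
    hub = DualSpeedHub(bridged)
    hub.attach("host", host_speed)
    hub.attach("uplink", uplink_speed)
    hub.attach("sniffer", sniffer_speed)
    host, gw = "02:00:00:00:00:01", "02:00:00:00:00:02"   # constructed MACs
    hub.send("host", host, BROADCAST, "arp request")
    hub.send("uplink", gw, host, "arp reply")
    hub.send("host", host, gw, "data out")
    hub.send("uplink", gw, host, "data in")
    return [note for _, _, note in hub.seen["sniffer"]]

if __name__ == "__main__":
    print(capture_visibility(10, 10, 100))   # sniffer on the other segment
    print(capture_visibility(10, 10, 10))    # sniffer on the same segment
```

In this model a sniffer linked at a different speed from both monitored endpoints captures only the broadcast, so the capture port has to sit on the same segment as at least one side of the conversation.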
