Wednesday, March 3, 2010

hub vs switch – sniffing

hub vs switch – sniffing


Let’s look at the difference between a hub and a switch and how one could attack them. Watch the video to see hubs and switches from a hacker’s point of view. Read the post for a more formal description. (sorry about the quality, still working on perfecting this video stuff)


A hub and a switch have the same purpose; to connect a bunch of computers via ethernet “cross over” cables to create a network. Their main difference is that a switch is much more intelligent than a hub.

On a hub, all of the internet traffic (packets) are sent to every connected computer, where it is determined whether it belongs to that computer. As you may have already guessed, this isn’t very bandwidth friendly and is bad for performance.

Switches are much smarter, they are able to inspect all the headers of the packets coming in and determine where they are coming from and to whom they are destined for. The switch then forwards the traffic to the proper destination. This greatly reduces bandwidth and offers much better performance. For this reason you won’t find many hubs these days, switches are the preferred choice for networks for obvious reasons.

Because all traffic is forwarded to all the machines on a hub, it is very easy to sniff and store the traffic since it just comes to you. The sniffed packets may include website passwords, ftp passwords, the websites the user visits and other personal information.

On a switch, since the traffic is examined and forwarded to the correct machine, how would you sniff it if it doesn’t come to you? Easy, by ARP spoofing. Watch out for a post on that very soon.

No comments:

Post a Comment