Apologies for the delay! I have been busy these last few weeks and content production (even something as simple as writing a blog update) takes more time and forethought than I had originally anticipated.
A few weeks ago, I had the pleasure of performing a lab in my network forensics class dealing with the collection of network traffic through the use of a layer 1 hub. For anyone who is unsure what that might look like, here is a photo of a comparable unit to the one I used in the lab:
What separates this hub from the modern switches of today is that while switches manage their network traffic through the use of MAC addresses, a hub does not. It simply replicates traffic to all connected ports. This was used in networks of old to create hub-and-spoke networks, but of course this has the unintended side effect of allowing other machines on your network to record information meant for a different computer. On the right side of the hub, you see a button labeled normal/uplink. This has the effect of allowing the port on the rightmost side of the hub to connect two similar devices, performing the functionality of a crossover wire.
The goal of the lab was to intercept the network traffic of the target computer and to demonstrate this through a Wireshark packet capture that showed the Layer 3 traffic with the IP address of the target computer. I plugged the collection computer into the uplink port with uplink mode enabled, and plugged the target computer into one of the other ports. I was able to see in Wireshark the IP of the target computer and I was able to see the websites that the target was visiting through the `dns` display filter in Wireshark, and was also able to spy on unencrypted HTTP traffic.
This lab was a really cool look at practical packet capture and helped me understand the practicality of an old-school hub in network capture, although there are a number of shortcomings with the approach (namely the need for a wired connection and the 100 Mbps bandwidth limit). Overall, I really enjoyed this lab and cannot wait for the next one.
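As an added example (not part of the original lab and not the author's code), the Python below decodes what the `dns` display filter surfaces: it walks raw Ethernet frames, as a collection machine on a hub would receive them, and lists the DNS names queried by one source IP. The frames, the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import socket
import struct

def build_query_frame(src_ip, qname, dst_ip="192.0.2.53"):
    """Build a constructed Ethernet/IPv4/UDP DNS query (sample data, checksums left 0)."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + name + struct.pack("!2H", 1, 1)
    udp = struct.pack("!4H", 50000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return bytes.fromhex("0200000000020200000000010800") + ip + udp

def dns_query(frame):
    """Return (src_ip, qname) for an untagged IPv4/UDP DNS query frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                      # too short, not IPv4, or VLAN-tagged
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20 or ip[9] != 17 or len(ip) < ihl + 8 + 12:
        return None                      # not UDP, or no room for a DNS header
    dns = ip[ihl + 8:]
    dport = struct.unpack("!H", ip[ihl + 2:ihl + 4])[0]
    flags, qdcount = struct.unpack("!HH", dns[2:6])
    if dport != 53 or flags & 0x8000 or qdcount < 1:
        return None                      # not a query sent to port 53
    labels, pos = [], 12
    while pos < len(dns) and dns[pos] != 0:
        n = dns[pos]
        if n > 63 or pos + 1 + n > len(dns):
            return None                  # compression pointer or truncated label
        labels.append(dns[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos >= len(dns):
        return None                      # name never terminated
    return socket.inet_ntoa(ip[12:16]), ".".join(labels)

def queries_for(frames, target_ip):
    """Names queried by target_ip in capture order (roughly `ip.src == X && dns`)."""
    hits = [dns_query(f) for f in frames]
    return [hit[1] for hit in hits if hit and hit[0] == target_ip]

# Constructed sample capture: two hosts on the hub, one ARP-type frame, one cut-off frame.
SAMPLE = [
    build_query_frame("192.0.2.10", "example.com"),
    build_query_frame("192.0.2.20", "example.org"),
    bytes.fromhex("ffffffffffff0200000000010806") + bytes(28),
    build_query_frame("192.0.2.10", "cut.example.net")[:50],
    build_query_frame("192.0.2.10", "www.example.net"),
]
print(queries_for(SAMPLE, "192.0.2.10"))
```

Because the hub repeats every frame to every port, the same capture also holds the other host's queries; only the source-IP check separates them.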