1

One of my clients is a small school district in Texas. Like any school, they often have problems with network'd peripherals such as printers, et al.

It would be nice to be able to simply "listen" to what the printer and PC are saying to each other (or not saying more importantly)... The problem is that I can't find old-style "hubs" anymore, and even if I could, it's not a long-term solution.

All of the devices that I have found to replicate the purpose of a simple hub are either $100+ or are difficult to throw into a networking tool kit (aka my backpack)...

Now that hubs are dead, what's the new low-cost standard for simple packet capture in the networking world?

Soviero
  • 4,306
  • 7
  • 34
  • 59
  • 3
    A small managed switch that supports port mirroring/monitoring/spanning. – joeqwerty Sep 18 '12 at 21:21
  • 1
    @joeqwerty, that's not something you can safely label as "low-cost"... – Massimo Sep 18 '12 at 21:27
  • A NetGear ProSafe 8-port Gigabit Smart Switch can be had for US $119.00. A Dell PowerConnect 2808 can be had for US $149.00. They both support port mirroring. Yes, they're more than $100.00 but I'd hardly call them expensive. – joeqwerty Sep 18 '12 at 22:18
  • Not as cheap as you like, but I have a couple of these. http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Silver-P219C83.aspx. I linux installed. It bridges a pair of the ports, will run DHCP, and establish a VPN to my management system. That way I can ship the box off to somebody, and they can plug it in. – Zoredache Sep 18 '12 at 22:58

2 Answers2

3

I see only these ways to do this:

  • Ultra low cost: Get a old PC with two network cards. Not portable, but cheap.
  • The same with a laptop with two network cards. Might need a cardbus/PCMIA card for the second NIC. This is probably the best solution if you already have a laptop.
  • Find an old fashioned hub. Many people tend to keep at least one of those around for precisely this purpose.
  • Look for old (read: 100mbit only) managed switches with port mirroring. Buying these new is not cheap, but in the last 3 years I got half a dozen of those of scrap heaps because they were replaced with more modern switches with Gbit or PoE features.

I would love to add poke you boss for the tools needed to do your job. Given your question I suspect that is not an option, but 'It saves me X hours per year' 'Price is Y' 'Return on investment is <=3 years' is a powerful argument.

Hennes
  • 4,772
  • 1
  • 18
  • 29
2

Does it have to be hardware? If you're troubleshooting traffic to/from a particular PC, could you run a program to capture packets? I guess you probably don't want to install WireShark, but there are programs that will run directly from a USB stick without requiring installation (SmartSniff is one example).

Chris McKeown
  • 7,128
  • 1
  • 17
  • 25
  • Software can not capture packets unless they are on the line. That is fine with hubs or managed switches with port mirroring, but with unmanaged switches these packets never arrive at the PC with the software. Which makes it hard to capture what is not there. :) – Hennes Sep 26 '12 at 23:20
  • From the original question, he wants to "listen" to what the printer and PC are saying to each other. I'm talking about running the software on the PC in question - hence a piece of software that doesn't require installation :-). Completely agree that hardware is a better idea since you're monitoring from a neutral position but if there's no other option then this might be second best. – Chris McKeown Sep 26 '12 at 23:33
  • You make a good point for that specific case. I was still thinking in the general 'intercept from sysadmin PC' scenario. – Hennes Sep 26 '12 at 23:40