Ethereal-users: Re: [Ethereal-users] Only Seeing Outgoing Packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 21 Jan 2006 18:13:41 -0800

Simon Bradley wrote:

> Guys,
>
> I think I may be able to answer my own question. I've just found this
> sentence in the hub's documentation:
>
> "Every port automatically operates at the proper speed, while the built-in
> self-learning 10 to 100 Mbps bridge automatically discovers where each user
> is and filters or forwards traffic accordingly."

Yes, that's how "dual-speed" hubs work. If a dual-speed hub isn't a real switch, it is, I think, something like a 10Mb/s hub and a 100Mb/s hub in the same box, with the hardware automatically connecting ports to the 10Mb/s portion or the 100Mb/s portion depending on the speed of the port.

For a non-switched hub of this sort, a 10Mb/s port will see all 10Mb/s traffic and a 100Mb/s port will see all 100Mb/s traffic. I don't know whether the two internal hubs are unconnected (so that the 10Mb/s ports see *no* 100Mb/s traffic and the 100Mb/s ports see *no* 10Mb/s traffic) or connected by an internal switch (so that broadcast and multicast traffic goes to all ports regardless of speed, but unicast traffic goes only to the port that appears to have an adapter with the destination address of the packet, if any) - the description seems to imply the latter.

> So, the hub is in fact more clever than I thought. I don't know if it's a
> true switch (I'm not 100% sure of the definitions here), but it seems to be
> more than just a hub.

A true switch would direct unicast traffic only to the proper port in *all* cases, even if the source and destination (unless it didn't yet know what the proper port was, as it hadn't seen any unicast traffic *from* that port).

However, at least as you describe your network, I'd expect all incoming traffic from the Internet to go through the hub and, if the laptop monitoring the traffic has its Ethernet adapter running at the same speed as the cable modem (probably 10Mb/s), I'd expect it to see *all* traffic from the Internet - not *none* of the traffic, as you're reporting.

If the laptop has its Ethernet adapter running at a speed *other* than the one the cable modem's running at, I wouldn't expect it to see traffic from the Internet.

*However*, if the wireless router is running at the same Ethernet speed as the cable modem, I wouldn't expect the laptop to see any traffic from it, either - i.e., I wouldn't expect it to see any traffic going *to* the Internet, either!

You're seeing that traffic, which suggests that the wireless router is running at a different speed (e.g., 100Mb/s). If there's an internal switch in the hub, connecting the set of 10Mb/s ports and 100Mb/s ports, it'll forward multicast and broadcast traffic from any port to all ports, and will forward unicast traffic from the wireless router to the cable modem port, even though they're not running at the same speed, but *not* to any other 10Mb/s ports.

If the laptop's Ethernet adapter is configured to run at 100Mb/s, and it can be configured to run at 10Mb/s (there might be something in the properties for the adapter to do that), try doing that.

If you start seeing traffic *from* the Internet, but *stop* seeing traffic *to* the Internet, you probably have the cable modem running at 10Mb/s, the wireless router running at 100Mb/s, and a dual-speed hub with a switch connecting the 10Mb/s and 100Mb/s port sets.

Unfortunately, that means the hub won't help you monitor both directions of traffic. If the problem is that the wireless router's running the port plugged into the hub at 100Mb/s, you'll somehow need to lower that to 10Mb/s. I'm assuming the wireless router port plugged into the hub is the non-switched port (the online data sheet speaks of one 10/100 port and four switched 10/100 ports, with the stand-alone port presumably being the one you plug into your broadband modem and the other ports being the ones you plug wired client machines into).

I don't see anything in the online manual for the WRT54GS to let you force the port to a given speed, but perhaps it's buried deeper in the UI than the manual shows.

If the other hub you mention is 10Mb/s-only, using *that* hub might force the WRT54GS to run at 10Mb/s, which should let you see all traffic (that might also force the laptop to 10Mb/s, too, so you might not have to configure any adapters to 10Mb/s).

> I'm guessing the incoming packets are being sent only to the router, and not
> to the monitor laptop. Does it make sense that the hub would be able to do
> this, considering the destination machines are not directly connected to the
> hub?

Yes - if the WRT54GS is acting as a NAT box, so that it has whatever your ISP thinks is your IP address, then, as far as the cable modem is concerned, the destination machine is the WRT54GS, and it *is* directly connected to the hub.

> The outgoing packets are being sent to the router as well as to the monitor
> laptop, so I'm guessing the hub isn't able to figure out where these packets
> should be sent for some reason.

Or that it can figure out which 10Mb/s ports should get those packets (the cable modem), but it sends them to *all* 100Mb/s ports (including the laptop).
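
The forwarding behaviour hypothesised in the message above can be written as a small model and checked against what a capture shows. This is an added example, not part of the original message; the function names, the constructed MAC addresses and the sample frames are assumptions.

```python
# Added illustration; not code from the original message.
from itertools import product

# Constructed (locally administered) MAC addresses for the sample capture.
ROUTER = "02:00:00:00:00:01"    # WRT54GS port plugged into the hub
UPSTREAM = "02:00:00:00:00:02"  # source MAC of frames arriving via the cable modem port
BROADCAST = "ff:ff:ff:ff:ff:ff"

def visible(modem_speed, router_speed, laptop_speed):
    """Unicast directions a passive laptop port sees under the model in the
    message: ports of equal speed share a hub segment, and the internal
    bridge hands cross-speed unicast to the destination port only."""
    seen = set()
    if laptop_speed == router_speed:
        seen.add("to_internet")
    if laptop_speed == modem_speed:
        seen.add("from_internet")
    return seen

def directions_in_capture(frames):
    """Reduce (src_mac, dst_mac) pairs to the unicast directions present.
    Broadcast frames reach every port, so they prove nothing and are skipped."""
    seen = set()
    for src, dst in frames:
        if (src, dst) == (ROUTER, UPSTREAM):
            seen.add("to_internet")
        elif (src, dst) == (UPSTREAM, ROUTER):
            seen.add("from_internet")
    return seen

def consistent_configs(observations):
    """observations maps laptop speed (10 or 100) to the directions captured
    at that speed; returns the (modem_speed, router_speed) pairs that fit."""
    return [(m, r) for m, r in product((10, 100), repeat=2)
            if all(visible(m, r, lap) == seen for lap, seen in observations.items())]

# Constructed capture taken with the laptop at 100Mb/s: outgoing unicast only.
CAPTURE_AT_100 = [(ROUTER, UPSTREAM), (ROUTER, BROADCAST), (ROUTER, UPSTREAM)]

if __name__ == "__main__":
    seen = directions_in_capture(CAPTURE_AT_100)
    print("seen at 100Mb/s:", sorted(seen))
    print("consistent (modem, router) speeds:", consistent_configs({100: seen}))
    print("expected at 10Mb/s:", sorted(visible(10, 100, 10)))
```

Under this model, seeing only outgoing unicast at 100Mb/s fits a 10Mb/s modem port and a 100Mb/s router port, and forcing the laptop to 10Mb/s should flip which direction is captured.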