Hubs might appear to be Layer 2 (Data Link) devices, and I wouldn’t blame you if you thought of them as such; however, hubs are actually Layer 1 (Physical) devices. Hubs are, in a sense, “dumb.” They are unintelligent devices that simply provide connectivity to several devices. A long time ago, we used hubs as the central connection point for our workstations, back when the star topology was popular.
From the diagram depicted above, you can see how all the workstations are connected to a central hub. The hub allows each workstation to share files, pictures, music, and other documents with the other workstations connected to it. But, as I just mentioned, hubs are unintelligent devices. A hub has 4 or more RJ-45 ports that computers can connect to, and whenever a workstation communicates through the hub, such as sending a print job to a local printer on the hub, EVERY port is flooded with the print job too! The other workstations on the hub receive the print job, but they don’t process it because the frame was not addressed to them. In the same way, if workstation A wants to share a file with workstation B, the file reaches workstation B, but the hub repeats a copy out to every other workstation as well. Only workstation B processes the file, though.
This inability of the hub to “learn” the addresses of the computers connected to it is just one of several concerns with using hubs. First, it wastes bandwidth: every frame occupies every port. Second, hubs run in half-duplex mode, meaning only one device connected to the hub can transmit at a time; there is no simultaneous transmitting and receiving on a hub. If two workstations connected to the same hub sent a frame at the same time, there would be a collision. Third, since all traffic is shared between the devices connected to the hub, an attacker can connect to the hub and eavesdrop on the communication going back and forth between the devices. All an attacker has to do is plug their computer into the hub, open Wireshark, and begin capturing. They can then ARP poison the local network for the MAC and IP addresses of connected devices for spoofing and man-in-the-middle attacks.
For this reason, hubs have been predominantly replaced by switches. A switch is a more intelligent device that learns the MAC address of every device connected to it and forwards unicast data only to the intended port, instead of repeating potentially sensitive information to every device connected to it.
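To make the difference concrete, here is a small simulation I have added for this post (it is not code from the original article): a hub that repeats every frame out of every other port, and a learning switch that records which port each source MAC arrived on and delivers known unicast destinations to a single port. The host names, MAC addresses and port numbers are constructed for the demo. Host C sits on a third port running a sniffer, and the example records which payloads reach each host's NIC when A sends a file to B. It also shows the caveat that a switch still floods a frame whose destination it has not yet learned (unicast flooding), so the sniffer on C sees that one frame even on a switch.

```python
"""Added example, not code from the original post: a minimal simulation of how
a hub and a learning switch hand frames to attached hosts. Host names, MAC
addresses and port numbers are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str      # source MAC address
    dst: str      # destination MAC address
    payload: str  # what a sniffer sees if the frame reaches its NIC


@dataclass
class Host:
    name: str
    mac: str
    observed: List[Frame] = field(default_factory=list)  # every frame that hit this NIC

    def receive(self, frame: Frame) -> None:
        # A NIC normally drops frames not addressed to it, but the bits still
        # arrived on the wire, so a sniffer in promiscuous mode captures them.
        self.observed.append(frame)

    def processed(self) -> List[Frame]:
        """Frames the host's own stack would actually accept."""
        return [f for f in self.observed if f.dst in (self.mac, BROADCAST)]


class Hub:
    """Layer 1 repeater: a frame entering one port is repeated out every other port."""

    def __init__(self) -> None:
        self.ports: Dict[int, Host] = {}

    def connect(self, port: int, host: Host) -> None:
        self.ports[port] = host

    def send(self, in_port: int, frame: Frame) -> List[int]:
        delivered = []
        for port, host in self.ports.items():
            if port != in_port:
                host.receive(frame)
                delivered.append(port)
        return delivered


class LearningSwitch(Hub):
    """Layer 2 device: records source MAC -> port and forwards a known unicast
    destination out a single port. Broadcasts and unknown destinations are
    still flooded (unicast flooding), so a switch alone is not a complete fix."""

    def __init__(self) -> None:
        super().__init__()
        self.mac_table: Dict[str, int] = {}

    def send(self, in_port: int, frame: Frame) -> List[int]:
        self.mac_table[frame.src] = in_port          # learn where the sender lives
        out_port = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None or out_port == in_port:
            return super().send(in_port, frame)      # flood, exactly like a hub
        self.ports[out_port].receive(frame)
        return [out_port]


# Constructed MAC addresses for the three demo hosts.
MACS = {"A": "00:00:00:00:00:0a", "B": "00:00:00:00:00:0b", "C": "00:00:00:00:00:0c"}


def build_lan(device: Hub) -> Dict[str, Host]:
    """Attach hosts A, B, C to ports 1, 2, 3 of the given device."""
    hosts = {name: Host(name, mac) for name, mac in MACS.items()}
    for port, name in enumerate(sorted(hosts), start=1):
        device.connect(port, hosts[name])
    return hosts


def what_each_host_saw(device: Hub, b_announces_first: bool = True) -> Dict[str, List[str]]:
    """A sends a file to B while C sits on a third port running a sniffer.
    Returns, per host, the payloads that reached its NIC."""
    hosts = build_lan(device)
    a, b = hosts["A"], hosts["B"]
    if b_announces_first:
        # B has already sent something (e.g. an ARP broadcast), so a switch knows its port.
        device.send(2, Frame(b.mac, BROADCAST, "arp-announce"))
    device.send(1, Frame(a.mac, b.mac, "secret-file"))
    return {h.name: [f.payload for f in h.observed] for h in hosts.values()}


if __name__ == "__main__":
    print("hub:              ", what_each_host_saw(Hub()))
    print("switch:           ", what_each_host_saw(LearningSwitch()))
    print("switch, B unknown:", what_each_host_saw(LearningSwitch(), b_announces_first=False))
```

On the hub, C's NIC receives "secret-file" even though `processed()` shows C's own stack would discard it; that gap between "received on the wire" and "processed" is exactly what a sniffer exploits. On the switch, C sees only the broadcast once B's port is known, but the third run shows the frame reaching C when the switch has not yet learned B, so port security and static MAC entries still matter on a switched network.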