Network Hubs – Types, Operation, and Why Switches Replaced Them

1. What Is a Network Hub?

A network hub is a basic Layer 1 (Physical Layer) networking device that connects multiple Ethernet devices together in a star physical topology. Its sole function is to receive an electrical signal on one port and immediately repeat that signal out of every other port — with no knowledge of what the signal contains, where it came from, or where it should go.

Hubs were the standard LAN connectivity device throughout the 1980s and 1990s, before managed switches became affordable. Understanding how they work — and specifically why they fail under load — is essential CCNA knowledge, since it forms the foundation for understanding collision domains, CSMA/CD, and the performance advantages that switches provide.

  PC-A ──────┐
             │
  PC-B ──────┤
             ├──── HUB ──── broadcasts signal to ALL ports
  PC-C ──────┤         (no MAC table, no filtering, no intelligence)
             │
  PC-D ──────┘

  When PC-A transmits: PC-B, PC-C, and PC-D ALL receive the signal
  whether the data is intended for them or not.

2. Types of Hubs

Three distinct hub types exist, each offering a different level of signal handling capability. All three share the same fundamental limitation: they broadcast every signal to every port with no awareness of MAC addresses or network traffic.

Hub Type	Signal Handling	Power Required?	Management?	Typical Use
Passive Hub	Connects devices by propagating the raw electrical signal without any amplification or regeneration. Signal degrades with cable length.	No — purely passive electrical connection	None	Very early Ethernet wiring closets; simple wire-based patch panels
Active Hub	Receives the incoming signal, amplifies and regenerates it, then retransmits it out all other ports at full signal strength. Allows longer cable runs between devices.	Yes — requires mains power for the repeater circuitry	None	Standard Ethernet hub used throughout the 1990s; extending network segments beyond 100m UTP distance limits
Intelligent Hub	Active signal regeneration plus basic management functionality: SNMP agent, port-level traffic statistics, link status reporting, and in some models the ability to disable individual ports.	Yes	Basic — SNMP monitoring, traffic stats, port enable/disable	Early managed LAN environments where some visibility was needed before managed switches became affordable; rare in any modern network

Passive Hub

A passive hub is purely a wiring concentrator — electricity in, electricity out, with no active components. Because the signal is not regenerated, passive hubs are extremely sensitive to cable length and quality. Even modest distances cause signal attenuation severe enough to cause errors.

Active Hub

The active hub is what most people mean when they say "hub." Its built-in repeater circuitry cleans up and re-drives the signal before sending it to all other ports, allowing the full Ethernet cable distance specification (100m for Cat5e UTP — see Ethernet Standards) to be used between the hub and each connected device. This is also why active hubs are sometimes called multiport repeaters.

Intelligent Hub

An intelligent hub adds a management layer on top of active signal regeneration. An embedded SNMP agent allows a network administrator to query port statistics, monitor for errors, and receive traps when a link goes down. Crucially, it still broadcasts all traffic to all ports — the "intelligence" is limited to observation, not traffic control. Intelligent hubs were a short-lived transitional technology rapidly displaced by managed switches that offered true per-port traffic isolation.

3. How Hub Operation Works — Broadcasting and Half-Duplex

Understanding hub operation at the signal level is the foundation for understanding why collision domains exist and why CSMA/CD is necessary.

Broadcasting — All Signals to All Ports

A hub has no memory, no MAC address table, and no concept of addressing. When an electrical signal arrives on any port, the hub immediately retransmits that signal out of every other port simultaneously. It does not examine the frame, does not look at the destination MAC address, and does not make any forwarding decision. Every device connected to the hub receives every signal transmitted by any other device — regardless of whether the data was intended for them.

  PC-A sends frame to PC-C:

  PC-A ──→ HUB ──→ PC-B  ← receives it (discards — not for them)
                ──→ PC-C  ← receives it (accepts — correct destination)
                ──→ PC-D  ← receives it (discards — not for them)

  The hub cannot know or care that only PC-C should receive this frame.

Half-Duplex Operation

Because all devices share the same electrical medium through the hub, only one device can transmit at a time. This is half-duplex operation — a device can either send or receive, but never both simultaneously. Attempting to transmit while another device is transmitting causes a collision.

This is fundamentally different from a switch, where each port operates as an independent segment. A switch supports full-duplex communication on every port simultaneously — a device can send and receive at the same time with no risk of collision. See: Frame Forwarding for how switches handle this.

No Traffic Filtering

A hub has no ability to filter traffic in any way. It cannot block broadcasts, cannot isolate a chatty device, cannot enforce security policies, and cannot prioritise any type of traffic over another. Every frame — unicast, broadcast, multicast, error frames, and all — is blindly repeated to all ports.

4. Collision Domains and CSMA/CD

The single most important concept to understand about hubs is the collision domain — and the mechanism Ethernet uses to cope with it.

A collision domain is the set of network segments and devices where a data collision can occur — where two simultaneous transmissions will corrupt each other. Every port on a hub belongs to the same single collision domain. With 8 devices on an 8-port hub, all 8 devices compete for the same medium and any two transmitting simultaneously will collide.

  HUB — ONE collision domain (all ports):
  ┌─────────────────────────────────────┐
  │  PC-A  PC-B  PC-C  PC-D  PC-E      │  ← All in the SAME collision domain
  └─────────────────────────────────────┘
       If PC-A and PC-B transmit simultaneously → COLLISION ✗

  SWITCH — one collision domain PER PORT:
  ┌───────┐ ┌───────┐ ┌───────┐ ┌───────┐
  │ PC-A  │ │ PC-B  │ │ PC-C  │ │ PC-D  │  ← Each port is its own domain
  └───────┘ └───────┘ └───────┘ └───────┘
       PC-A and PC-B can transmit simultaneously → No collision ✓

CSMA/CD — Carrier Sense Multiple Access with Collision Detection

CSMA/CD is the mechanism Ethernet devices use to share the half-duplex medium of a hub-based network. It operates in four steps:

Step	Action	Detail
1. Carrier Sense	Listen before transmitting	The device checks whether the medium is currently idle. If another device is already transmitting, the device waits.
2. Multiple Access	Any device may transmit when idle	All devices have equal access to the shared medium. There is no central scheduler or token — any device that senses idle may transmit.
3. Collision Detection	Detect simultaneous transmissions	If two devices transmit at the same instant (both sensed idle), the electrical signals mix and corrupt each other. The transmitting devices detect the voltage anomaly and recognise a collision has occurred.
4. Jam Signal + Backoff	Announce collision, then wait a random time	Both devices send a 32-bit jam signal to notify all stations of the collision, then wait a random backoff period (exponential backoff algorithm) before retransmitting. The randomness prevents them from colliding again immediately.

As the number of devices on the hub increases, collisions become exponentially more frequent. More collisions → more retransmissions → more collisions → severe throughput degradation. In practice, hub-based networks with more than 4–5 active devices suffer noticeably under real workloads.

5. Hub vs Switch — Full Comparison

The switch was specifically designed to solve every fundamental weakness of the hub. This comparison is a core CCNA exam topic. See also: Frame Forwarding for a full discussion of how switches make forwarding decisions.

Feature	Hub	Switch
OSI Layer	Layer 1 — Physical	Layer 2 — Data Link
Forwarding Intelligence	None — blindly repeats every signal to all ports	MAC address table — delivers frames only to the destination port
Collision Domains	One shared collision domain for all ports	Each port is its own isolated collision domain
Broadcast Domain	All ports in one broadcast domain	All ports in one broadcast domain (VLANs segment further)
Duplex Mode	Half-duplex only — send or receive, never both simultaneously	Full-duplex per port — simultaneous send and receive with no collisions
Bandwidth	Shared across all devices — total bandwidth divided by active senders	Dedicated per port — each device gets the full link bandwidth
CSMA/CD Required?	Yes — essential for managing collisions on shared medium	No — full-duplex eliminates collisions entirely
Security	None — all devices see all traffic; trivial to sniff the entire network	Traffic isolated per port; port security, VLANs, and 802.1X available
Traffic Filtering	None — cannot filter by MAC, VLAN, protocol, or any other criterion	MAC-based forwarding; VLANs; QoS; storm control; port security
Speed Support	10 Mbps (Ethernet); some 100 Mbps (Fast Ethernet)	10/100/1000 Mbps and 10/25/40/100 Gbps on modern switches
Cost	Very low — no processing logic required	Higher, but negligible for modern unmanaged switches
Modern Use	Obsolete in production networks; lab/educational use only	Universal — the standard LAN connectivity device today

Example: In a hub-based network with 5 PCs, if PC-A and PC-B transmit simultaneously, a collision occurs — both frames are corrupted, both devices must retransmit after a random delay, and all 5 devices experience the resulting traffic spike. In an equivalent switch-based network, PC-A and PC-B can transmit simultaneously without interference, and only the intended destination port ever sees each frame.

6. Physical Characteristics

Characteristic	Detail
Port Counts	Typically 4, 8, 12, or 24 ports on consumer/small-office models
Speeds	10 Mbps (10BASE-T Ethernet) most common; some models supported 100 Mbps (100BASE-TX Fast Ethernet)
Cabling	Twisted-pair UTP with RJ45 connectors (Cat3 for 10BASE-T, Cat5 for 100BASE-TX) — see Ethernet Standards
Uplink Port	Many hubs included a dedicated uplink port (MDI-X crossover) for connecting to another hub or a router without a crossover cable
LED Indicators	Per-port link/activity LEDs (solid = link up, blinking = traffic); collision LED on some models; power LED
Power	Active and intelligent hubs require a mains power supply; passive hubs need no power

7. Network Topology — Star Physical, Bus Logical

Hubs create an interesting topological duality that is a classic exam question: they are physically wired as a star topology but behave logically as a bus topology.

  PHYSICAL topology (star):        LOGICAL topology (bus):

      PC-A                         PC-A──PC-B──PC-C──PC-D
        │                          (all share one medium — like
        │                           a single coaxial cable)
      [HUB]
        │    │    │
      PC-B  PC-C  PC-D

  Cables radiate from the hub        All devices compete for
  like spokes on a wheel             the same transmission medium

The physical star wiring makes fault isolation easier — a broken cable between one PC and the hub only affects that one PC, unlike a true bus where a break splits the entire network. But the logical bus behaviour means all the collision-domain problems of a coaxial bus network still fully apply.

Scalability: Hub-based networks scale very poorly. Adding more devices to a hub increases the number of devices competing in the same collision domain, driving up collision rates non-linearly. A hub-based segment with 10+ active devices is typically unusable under real workloads.

8. Security Implications of Hub-Based Networks

Because a hub broadcasts every frame to every port, the security implications are severe — and are the reason hubs must never be used on networks carrying sensitive data.

Security Issue	How It Works on a Hub	Impact
Passive Eavesdropping	Any device connected to the hub receives every frame on the network — including frames sent between two other devices. A NIC placed in promiscuous mode captures all traffic without sending a single packet (invisible to other devices).	Credentials, emails, file transfers, VoIP calls — all can be captured by any device on the same hub, trivially, with tools like Wireshark
No Traffic Isolation	There is no mechanism to prevent one department's device from seeing another's traffic — VLANs, port security, and 802.1X are all switch/Layer 2 features that do not exist on hubs	Complete lack of confidentiality between co-located devices; impossible to segment traffic by role or sensitivity
No Storm Protection	A malfunctioning or compromised device sending a broadcast storm cannot be rate-limited or isolated by the hub	A single rogue or faulty device can saturate the entire shared medium and deny service to all other devices on the hub

The traffic-sniffing use case: The fact that hubs broadcast everything to every port is occasionally leveraged deliberately — a network analyser connected to a hub port will passively capture all traffic on that segment. This is sometimes used in legacy lab environments for protocol analysis. On modern switched networks, a SPAN (Switched Port ANalyser) port must be configured on the switch to mirror traffic to the analyser.

9. Advantages and Limitations

Advantages	Limitations
Zero configuration — plug in and it works immediately; no IP address, no VLAN setup, no firmware Very low cost — no processing logic; just a repeater circuit Simple fault isolation — star physical topology means one bad cable only affects one port Useful for passive traffic capture — all traffic visible on every port; no SPAN configuration needed	Single shared collision domain — all devices compete for the medium; collisions degrade performance rapidly Half-duplex only — no simultaneous send and receive; effective throughput is a fraction of rated speed Shared bandwidth — all devices share the total bandwidth; adding devices dilutes each device's effective share No security — every device sees every frame; trivial to sniff all traffic from a single connected host No traffic filtering or QoS — cannot prioritise or block any traffic Obsolete speeds — maximum 100 Mbps; modern networks require Gigabit or faster Not suitable for production — replaced entirely by switches in all real-world deployments

Advantages

Limitations

Zero configuration — plug in and it works immediately; no IP address, no VLAN setup, no firmware
Very low cost — no processing logic; just a repeater circuit
Simple fault isolation — star physical topology means one bad cable only affects one port
Useful for passive traffic capture — all traffic visible on every port; no SPAN configuration needed

Single shared collision domain — all devices compete for the medium; collisions degrade performance rapidly
Half-duplex only — no simultaneous send and receive; effective throughput is a fraction of rated speed
Shared bandwidth — all devices share the total bandwidth; adding devices dilutes each device's effective share
No security — every device sees every frame; trivial to sniff all traffic from a single connected host
No traffic filtering or QoS — cannot prioritise or block any traffic
Obsolete speeds — maximum 100 Mbps; modern networks require Gigabit or faster
Not suitable for production — replaced entirely by switches in all real-world deployments

10. Use Cases and Relevance Today

Hubs have been effectively obsolete in production networking since the late 1990s when 10/100 Mbps switches became affordable for small businesses and homes. However, three niche contexts keep them relevant for CCNA study.

Context	Why Hubs Are Used	Notes
Educational / Lab Environments	Hubs make collision domains, CSMA/CD, and broadcast behaviour directly observable. Students can capture traffic from any device on the segment without any configuration.	Cisco Packet Tracer and GNS3 include hub devices specifically for teaching these concepts
Legacy Networks	Older industrial, manufacturing, and building-automation installations may still have hubs embedded in equipment or wiring closets that pre-date affordable switches	Replacement is always recommended — legacy hubs represent a performance and security risk
Passive Traffic Capture	Inserting a hub between a device and its switch port creates a passive tap — a connected analyser sees all traffic without the need for a SPAN port	Only practical for low-speed (10/100 Mbps) links; dedicated network TAPs are preferred in professional environments

11. Troubleshooting Hub Issues

Because hubs have no software, configuration, or intelligence, their failure modes are entirely physical. Troubleshooting is straightforward but must be systematic. See also Troubleshooting Connectivity for a broader diagnostic framework.

Symptom	Possible Cause	Diagnostic Steps
Complete network failure — no devices can communicate	Hub has no power; hub hardware failure; upstream link down	Check power LED; verify power cable and outlet; try a different power supply; replace hub if power is confirmed but no ports show link activity
One device cannot connect; all others work	Faulty cable to that device; faulty NIC on the device; bad hub port	Check the port's link LED; swap to a known-good cable; move the device to a different hub port to isolate whether the fault is the cable, the NIC, or the port
Very slow performance; all devices affected	High collision rate due to too many active devices; a device sending a broadcast storm; a faulty NIC in jabber mode	Reduce the number of devices on the hub; use a cable tester and Wireshark to identify the offending device; consider replacing the hub with a switch
Intermittent connectivity on one or more ports	Marginal cable (near distance limit or damaged); loose RJ45 connector; intermittent hub port fault	Test cables with a cable tester; re-crimp or replace connectors; swap ports; check for physical damage to the cable run
Collision LED flashing constantly	Normal under load, but constant collisions indicate either too many devices or a device in a fault state (NIC driver issue, duplex mismatch with an uplinked switch port)	Check number of active devices; verify that any switch the hub uplinks to has the port set to half-duplex and matching speed

12. Example Scenario — Hub Collision in Practice

John's small office has five PCs (PC-A through PC-E) all connected to an 8-port hub. The hub runs at 10 Mbps shared across all ports.

  PC-A ──┐
  PC-B ──┤
  PC-C ──┼── 10 Mbps HUB
  PC-D ──┤
  PC-E ──┘

  Scenario: PC-A (sending a large file to PC-C) and PC-B
  (sending an email to PC-D) both begin transmitting at the same moment.

  Step 1: Both PC-A and PC-B sense the medium — it appears idle
          (they started within microseconds of each other).

  Step 2: Both begin transmitting simultaneously.
          The hub repeats BOTH signals out of ALL other ports.

  Step 3: The signals mix and corrupt each other — COLLISION.
          PC-A and PC-B both detect the voltage anomaly.

  Step 4: Both send a jam signal to notify all stations.
          Both wait a random backoff period before retrying.

  Step 5: The entire segment (all 5 PCs) experienced the collision —
          even though only PC-A and PC-B were transmitting.

  With a switch instead:
  PC-A → Switch → PC-C (Port 3 only)
  PC-B → Switch → PC-D (Port 4 only)
  These happen simultaneously with NO collision, full 10 Mbps each. ✓

13. Key Points & Exam Tips

A hub is a Layer 1 (Physical Layer) device — it processes only electrical signals; no MAC table, no addressing awareness. See: OSI Model
Hubs broadcast every signal to every port — no filtering, no intelligence, no exceptions.
All ports on a hub share one single collision domain. All ports on a hub also share one broadcast domain.
Hubs operate in half-duplex only — devices can send or receive, never both at once. CSMA/CD is required to manage collisions.
Switches eliminate collisions by giving each port its own collision domain and operating in full-duplex. See: Frame Forwarding
Physical topology with a hub = star. Logical topology = bus (all devices share one medium).
Active hubs amplify and regenerate signals (require power); passive hubs do not (no power needed).
Intelligent hubs add basic SNMP management but still broadcast all traffic to all ports — they are not switches.
A hub's broadcast behaviour makes it a trivial eavesdropping risk — any connected device can capture all network traffic in promiscuous mode.
Hubs are obsolete in production networks but remain relevant for CCNA study as the reference point for understanding why switches were invented.

14. Summary

Aspect	Hub Behaviour / Detail
OSI Layer	Layer 1 — Physical Layer only
Function	Multiport repeater — broadcasts all signals to all ports
Hub Types	Passive (no power, no amplification), Active (amplifies/regenerates), Intelligent (active + basic SNMP management)
Collision Domains	One shared collision domain for all ports — all devices compete for the same medium
Duplex	Half-duplex only — CSMA/CD required to handle collisions
Topology	Physical star, logical bus
Security	None — every device sees every frame; trivial passive sniffing
Max Speed	10 Mbps (Ethernet) / 100 Mbps (Fast Ethernet) — shared across all ports
Modern Status	Obsolete in production — replaced entirely by switches
Still Relevant For	CCNA study, educational labs, understanding collision domains and CSMA/CD

Hub Quiz

1. At which OSI layer does a hub operate, and what does that mean for how it handles traffic?

A. Layer 2 — it uses MAC addresses to forward frames to the correct port B. Layer 3 — it uses IP addresses to route packets between networks C. Layer 4 — it manages TCP session establishment and teardown D. Layer 1 — it handles only electrical signals, with no awareness of MAC addresses, frames, or any addressing — it simply repeats every signal to every port

Correct answer is D. A hub operates exclusively at OSI Layer 1 (Physical Layer). It processes only electrical signals — it has no concept of frames, MAC addresses, IP addresses, or any higher-layer construct. When a signal arrives on any port, the hub's repeater circuitry immediately re-drives that signal out of every other port. This is the root cause of all hub limitations: without the ability to read a destination MAC address, it cannot deliver traffic selectively — it can only broadcast everything everywhere.

2. What is the key difference between a passive hub and an active hub?

A. Passive hubs amplify signals; active hubs simply pass them through B. Active hubs amplify and regenerate incoming signals before retransmitting; passive hubs propagate the raw signal without modification and require no power C. Passive hubs include SNMP management; active hubs do not D. Active hubs require no power supply; passive hubs need mains power

Correct answer is B. A passive hub is a purely electrical wiring concentrator with no active components — it joins cable segments together and passes whatever signal arrives through to the other ports, allowing signal attenuation to accumulate over distance. An active hub contains repeater circuitry that receives the incoming signal, cleans it up, regenerates it at full strength, and retransmits it — this is why active hubs are also called multiport repeaters and why they require a power supply. Despite this difference, both types broadcast to all ports with zero traffic intelligence.

3. Which statement most accurately describes the broadcasting behaviour of a hub?

A. Every signal arriving on any port is immediately retransmitted out of all other ports, regardless of destination — all connected devices receive all traffic at all times B. The hub reads the destination MAC address and forwards the frame only to the intended port C. The hub filters traffic based on IP subnet and forwards only to the correct subnet's port D. The hub maintains a MAC address table and updates it as devices send traffic

Correct answer is A. A hub has no MAC table, no frame inspection, and no filtering capability of any kind. Every signal that arrives on one port is immediately and unconditionally retransmitted out of every other port. This means PC-B, PC-C, and PC-D all receive the frame that PC-A sent to PC-C — and each NIC must individually check whether the destination MAC matches its own and silently discard the frame if it does not. This behaviour is what makes hub networks inefficient and insecure.

4. How many collision domains does a 12-port hub create?

A. 12 — one per port B. 6 — one per pair of ports C. 1 — all ports share a single collision domain D. 0 — hubs eliminate collision domains entirely

Correct answer is C. A hub creates exactly one collision domain regardless of the number of ports. Because the hub broadcasts every signal to every port, all ports are electrically on the same shared medium — any two devices transmitting simultaneously will cause a collision detectable by all other devices. A 12-port switch, by contrast, creates 12 isolated collision domains — one per port — allowing all devices to transmit simultaneously without collisions.

5. CSMA/CD is the collision management mechanism for hub-based Ethernet. What does the "CD" stand for, and what happens immediately after a collision is detected?

A. Collision Delay — the device immediately retransmits after detecting a collision B. Collision Detection — both transmitting devices stop, send a 32-bit jam signal to notify all stations, then wait a random backoff period before attempting to retransmit C. Collision Deference — devices politely defer transmission to each other using a token-passing mechanism D. Collision Decrease — the hub automatically reduces port speeds to prevent further collisions

Correct answer is B. CD stands for Collision Detection. When two devices transmit simultaneously and cause a collision, both devices detect the resulting voltage anomaly on the medium. They immediately stop transmitting and broadcast a 32-bit jam signal to ensure all stations on the segment know a collision has occurred. Each device then waits for a randomly determined backoff period (calculated using the exponential backoff algorithm) before attempting to retransmit. The random wait prevents the same two devices from colliding again immediately.

6. Why must a hub-connected device operate in half-duplex mode?

A. Because hubs use a token-passing protocol that requires devices to wait for permission to transmit B. Because hub ports are physically wired for transmit only C. Because the hub's ASIC chip limits devices to alternating transmit/receive cycles D. Because all devices share the same electrical medium through the hub — a device cannot simultaneously transmit and receive on the same shared medium without its own signal corrupting the incoming signal it is trying to receive

Correct answer is D. Half-duplex is a physical necessity imposed by the shared-medium architecture of a hub, not a configurable option. When all devices are on the same electrical medium (as they are through a hub), a device transmitting a signal would instantly corrupt any signal it was simultaneously trying to receive on the same wire — they would mix together. This is why full-duplex requires dedicated separate transmit and receive paths per device, which only a switch's isolated port architecture can provide.

7. A network engineer replaces a 16-port hub with a 16-port switch. How does the number of collision domains change?

A. From 1 collision domain to 16 collision domains — the switch gives each port its own isolated domain B. No change — both devices create one collision domain per segment C. From 16 collision domains to 1 — the switch combines all ports into one D. From 1 to 0 — switches eliminate collision domains entirely

Correct answer is A. The hub has all 16 ports in one collision domain — any two of the 16 devices transmitting simultaneously cause a collision. Replacing it with a switch creates 16 separate collision domains — one per port. Each port operates independently; a device on port 1 and a device on port 2 can transmit simultaneously without any collision because the switch buffers and forwards each frame separately. Note that broadcast domains are unaffected — both hub and switch (without VLANs) share one broadcast domain for all ports.

8. What additional capability does an intelligent hub offer over an active hub, and does it change the fundamental traffic behaviour?

A. It adds MAC address filtering so traffic is only sent to the correct port B. It adds VLAN support so different port groups can be traffic-isolated C. It adds full-duplex support on all ports using advanced signal processing D. An intelligent hub adds basic management capabilities — SNMP monitoring, per-port traffic statistics, and link status reporting — on top of active signal regeneration, but still broadcasts all traffic to all ports

Correct answer is D. An intelligent hub is an active hub with an embedded SNMP agent that allows a network administrator to query port-level statistics (frame counts, error rates, link status) and receive SNMP traps when events occur. Some intelligent hubs also allow individual ports to be disabled via management. Critically, none of this management capability changes how the hub handles data — it still broadcasts every signal to every port with zero traffic filtering or MAC-address awareness. Intelligent hubs were a short-lived category, rapidly superseded by managed switches that offered true per-port traffic isolation.

9. A hub creates a star physical topology. What logical topology does it actually behave as, and why?

A. Ring topology — because signals circulate around the ports in sequence B. Mesh topology — because every device can communicate directly with every other C. Bus topology — because all devices share a single transmission medium and a signal from any device is received by all others simultaneously D. Switched topology — because the hub selectively forwards traffic to reduce collisions

Correct answer is C. Although devices are physically wired in a star pattern (each device has its own cable run to the central hub), the hub's broadcast behaviour means all devices share exactly one electrical medium — logically identical to old coaxial bus Ethernet (10BASE2 / 10BASE5) where all devices were literally connected to the same cable. The same collision domain, the same CSMA/CD requirement, and the same half-duplex constraints all apply. The physical star just makes cable fault isolation easier: a break in one cable only affects that one device, unlike a true bus where a break splits the entire network in two.

10. A technician notices that a network analyser connected to a hub port is capturing frames sent between two other devices on the same hub. Why is this possible, and what does it reveal about hub security?

A. Because the hub broadcasts every frame to every port — a NIC in promiscuous mode captures all traffic without sending a single packet, making passive eavesdropping trivially easy with no configuration required B. Because the hub is performing a SPAN (mirror) function on that port C. Because the analyser has been configured as the default gateway for the hub segment D. Because the hub performs ARP inspection and mirrors suspicious traffic to the analyser port

Correct answer is A. This is a direct consequence of the hub's broadcast architecture. Every frame transmitted by any device on the hub is electrically present on every port simultaneously — the hub makes no distinction between ports. A NIC placed in promiscuous mode (which bypasses the normal filter that discards frames not addressed to that NIC) will capture and deliver every frame to the OS and any packet analyser running on it. No configuration, no special ports, and no detectable activity is required — the eavesdropper is completely silent. This is fundamentally different from a switch, where only frames addressed to a specific port's MAC are delivered to that port, and a dedicated SPAN (mirror) port configuration is needed for traffic capture.

← Back to Home