Can modern switches act like hubs?
I've been trying to find a hub, specifically for the packet broadcast characteristic. I'm troubleshooting a NAS behind a NAT router and want to look at the traffic arriving on the wire and this seems the easiest, fastest way.
Regardless--this is not a question about that; that question is here--I've been having difficulty finding just plain hubs. Most everything these days is switches it seems. That made me wonder if perhaps modern switches can be made to broadcast packets like a hub, rendering hubs unnecessary. Can anyone confirm whether that is in fact the case?
No, not entirely (or none I've ever seen), but you can get managed and smart switches to perform Port Mirroring, which will give you all the traffic on the switch on one port.
Some folk believe that you can force certain types of switches to send out all the frames they receive on all ports, using an MAC or ARP flood attack, but I've no experience with that kind of thing. It is a very old vulnerability, and most manufacturers probably have some mitigation in place.
I use an old hub for network troubleshooting as well. They're hard to come by these days. There appear to be a few on Amazon and you may find some on ebay as well. Make sure to read the tech specs carefully to make sure you're actually getting a hub, as opposed to a switch.
http://www.amazon.com/s/ref=sr_nr_n_2?rh=n%3A281413%2Ck%3Anetwork+hub&keywords=network+hub&ie=UTF8&qid=1396311331&rnid=2941120011
A point of clarification: A hub does not broadcast Ethernet frames to all ports (except for broadcast traffic). A hub floods Ethernet frames to all ports. There's a distinct difference between a unicast frame intended for a single host being flooded to all ports and a broadcast frame meant for all hosts being broadcasted to all ports.
Also, there are two types of broadcasts:
Layer 2 broadcasts which are meant for all hosts on the same physical segment.
Layer 3 broadcasts which are meant for all hosts in the same layer 3 network (network/subnet).
As a final note, multicast traffic often behaves like broadcast traffic in that it is flooded to all ports and hosts interested in that traffic can choose to accept it and those not interested discard it.
First, Gigabit Ethernet doesn't allows hubs. When the IEEE first defined GigE, they briefly had a spec for how a GigE hub should work, but no one ever shipped one, and the IEEE quickly deprecated the spec and recommended that GigE always be switched. (Trivia note: This means that GigE is technically not CSMA/CD.)
You can still buy 100BASE-TX hubs if you know where to look, especially so-called "dual-speed hubs". A 10/100 dual-speed hub is effectively a combination of a 10BASE-T hub and a 100BASE-TX hub in the same box, with a 2-port bridge (switch) chip in between the two hubs. If a 100BASE-TX device is connected to a port, that port gets connected to the 100BASE-TX hub. If a 10BASE-T device is connected to a port, that port gets connected to the 10BASE-T hub. So all 100BASE-TX devices can snoop on each others' unicast traffic, and all 10BASE-T devices can snoop on each others' unicast traffic. But the 100BASE-TX devices can't snoop on the 10BASE-T devices' unicast traffic (or vice-versa), because there's a bridge in between.
Since you probably don't have an 10BASE-T-only equipment around anymore, a dual-speed hub is going to be exactly the same as a pure 100BASE-TX hub for your purposes.
And, of course, as others have pointed out, manageable switches often allow you to set up "port mirroring", also known as "port spanning" or "sniffer port" in some products, which allows you to make sure that one port sees all the traffic to/from another port on the switch, for the sake of sniffers and other traffic monitoring tools.