sniffer
1. Looking at the tcp.log file it's captured so far has awakened me to the possibility that the box may not in fact be on a switched network. My interface has a single ip bound to it but was running in promiscuous mode due to the sniffer. It captured connection attempts from ips to ips which were not bound to my interface at all. Does this strongly imply that I am simply connected to a hub? (if the answer to this is no, then the following questions probably become meaningless).
2. It seems to me that having web servers, or any type of servers for that matter, on a hubbed network is asking to be compromised. My question and challenge to the hosting providers therefore is this: do you provide switched-only networks? And do those of you who provide some hubbed networks dare to stand out and say that you do?
3. (I have no clue about this, but) are there actually any manageable hubs around? ie. hubs that can provide snmp data for mrtg graphs, or can otherwise chart bandwidth usage without double-counting traffic use by other parties on the hub?
