Key Points
- A network hub is a hardware device that connects multiple devices to a single network, broadcasting data to all connected ports.
- Hubs operate at the OSI physical layer and cannot route or filter traffic selectively.
- Passive, active, and intelligent hubs differ mainly in whether they amplify signals or provide monitoring.
- Because hubs broadcast to every port, any connected device can intercept all traffic on the segment.
- Network switches have replaced hubs in virtually all modern deployments due to better performance, security, and scalability.
Network hubs are among the oldest building blocks of wired networking, yet they remain a frequent source of confusion when comparing them to switches, routers, and modern access control systems. Understanding what a network hub is and why it fell out of favor helps clarify why modern network security depends on smarter, protocol-aware infrastructure.
What is a Network Hub?
A network hub is a hardware device used to connect multiple devices to a single network. The hub serves as a central point of connection, enabling communication between all connected devices.
Operating at Layer 1 (the physical layer) of the OSI model, a network hub broadcasts data packets to all of its connected devices, regardless of which device the data is intended for.
Hubs were once a standard part of network infrastructure, used to connect multiple machines in a local network LAN. Today, they have largely been replaced by more sophisticated devices like network switches.
How Do Network Hubs Work?
When a data packet is sent to a hub, the hub broadcasts that packet to all ports and connected devices. Each connected device then determines whether the packet is intended for it. If a packet is intended for a specific device, that device processes it while all other devices discard it.
This process is fundamental to how hubs operate. However, it also introduces significant inefficiencies and security risks. Because every device receives every packet, network performance degrades as more devices are added to the hub, and any device on the segment can observe all traffic passing through it.
Common Types of Network Hubs
There are three primary types of network hubs that were commonly deployed: passive hubs, active hubs, and intelligent hubs. Each type serves different roles in a network, but all share the same fundamental broadcast behavior.
Passive Hubs
Passive hubs do not require any power to operate. They simply act as a conduit, connecting devices without amplifying or modifying the transmitted signals. Passive hubs are the most basic form of hub and are typically used in small, simple networks where signal degradation over distance is not a concern.
Their lack of power requirements makes passive hubs straightforward to deploy, but they provide no signal amplification, meaning cable runs are limited to shorter distances.
Active Hubs
Active hubs, unlike their passive counterparts, require power to operate. They amplify the electrical signal before passing it to connected devices. This process allows for longer cable runs and more reliable data transmission across a larger area.
This signal regeneration is the key distinguishing feature of active hubs. Active hubs are also known as multiport repeaters because they repeat and amplify incoming signals across all ports.
Intelligent hubs, also known as smart hubs, are the most advanced type of network hub. In addition to the amplification capabilities of active hubs, intelligent hubs come equipped with management software that allows network administrators to monitor network traffic, diagnose issues, and sometimes configure individual ports.
This management capability makes them more suitable for environments where some degree of visibility into network performance is required, though they still cannot match the traffic isolation and security features of a network switch.
Benefits of Network Hubs
Network hubs offer a small set of practical advantages, particularly in specific constrained use cases:
- Cost: Hubs are inexpensive hardware. For a small home lab, classroom, or test environment where security is not a concern, a hub’s low purchase price can make it an attractive choice when a switch is not available.
- Simplicity: Hubs require zero configuration. Plug in the cables, and devices are connected. There are no VLANs to configure, no access control lists to manage, and no firmware to update. For temporary setups or isolated test networks, this plug-and-play behavior eliminates setup overhead entirely.
- Built-in traffic visibility: Because a hub broadcasts all traffic to all ports, a network analyzer or packet capture tool connected to any port can observe the full traffic stream on that segment.
This behavior, which is a liability in production environments, becomes a diagnostic advantage in a controlled lab. Engineers who need to capture traffic passively without reconfiguring a switch mirror port sometimes use a hub for this purpose.
- Legacy device compatibility: Some older devices communicate at speeds or with protocols that assume hub-based broadcast behavior. In rare legacy environments where upgrading those devices is not feasible, a hub may be the lowest-friction connection method.
Network Hub Security Vulnerabilities
Network hubs have several significant security vulnerabilities that make them unsuitable for most modern networks.
Packet Sniffing
Because a hub broadcasts every packet to every connected port, any device attached to the hub can see all traffic on that network segment, not just traffic addressed to it.
A threat actor who gains physical access to any hub port, or who plants malware on a connected device, can run a packet capture tool and observe all usernames, passwords, session tokens, and unencrypted data flowing through the hub.
This is not a configuration flaw; it is the hub’s fundamental operating mode. Unlike a network switch, which forwards frames only to the intended destination port, a hub provides no mechanism to contain traffic within a port pair.
ARP Flooding and Broadcast Storms
Hubs retransmit every incoming packet to all ports, including broadcast frames. In larger hub-connected networks, broadcast traffic can multiply rapidly.
If a misconfigured device or a malicious actor begins sending high volumes of broadcast packets (a technique known as ARP flooding), the hub will faithfully retransmit each one to every port, consuming available bandwidth for all connected devices.
Because hubs have no mechanism to suppress or filter broadcasts, a single misbehaving device can degrade the entire segment. This condition is called a broadcast storm, where broadcast traffic cascades uncontrollably across the network, saturating bandwidth and potentially bringing communication to a halt.
Lack of Port Security
Hubs cannot enforce any form of port-level access control. Any device plugged into a hub port immediately becomes part of the network segment. There is no way to require 802.1X authentication before granting access, bind a port to a specific MAC address, or quarantine a device that fails a policy check.
This makes hubs incompatible with any compliance framework that requires network access control, including PCI-DSS, HIPAA, and frameworks that mandate zero-trust segmentation.
Lack of Encryption
Hubs do not provide any form of data encryption. All data transmitted through a hub is in plaintext, making it easily readable to anyone who can capture the traffic.
Inability to Segment Networks
Hubs cannot segment networks or create VLANs. All devices connected to a hub are on the same network segment, which makes it impossible to separate different types of traffic or create security boundaries between devices.
Network Congestion
Since all devices share the same bandwidth in a hub-based network, network congestion can easily occur. As the number of connected devices grows, the available bandwidth for each device decreases, leading to slow speeds and poor performance.
Susceptibility to Eavesdropping
Hubs make it easy for malicious actors to intercept data using packet sniffers. Since all data is broadcast to every device on the network, anyone with a packet sniffer and a connection to the hub can capture and read data that is not intended for them.
Network Hub Security Protocols vs. Modern Security Solutions
Given these security limitations, modern network security has moved beyond hubs to solutions that provide robust controls at the network access layer.
Network switches offer a significant improvement over hubs in terms of both performance and security. Switches operate at Layer 2 of the OSI model and use MAC addresses to send data only to the intended recipient device, rather than broadcasting to all devices. This reduces unnecessary network traffic and makes eavesdropping significantly more difficult.
Advanced network switches incorporate security features such as VLANs, port security, and access control lists (ACLs). VLANs allow network administrators to segment a network into distinct zones, limiting the potential damage from a security incident. Port security allows administrators to control which devices can connect to a network based on their MAC addresses. ACLs provide fine-grained control over which types of traffic are allowed or denied on the network.
Modern network security platforms go beyond what a switch alone can provide. Solutions that implement RADIUS-based network access control and EAP-TLS certificate authentication ensure that only verified, policy-compliant devices can join the network at all.
JoinNow Cloud RADIUS enables organizations to enforce certificate-based authentication at the point of network access, eliminating the credential-based risks that hub-era networks could never address. For organizations that need to manage the certificates that power that authentication, Dynamic PKI provides the underlying certificate infrastructure.
Network Hub vs. Network Switch
While both network hubs and switches are used to connect multiple devices in a LAN, they operate in fundamentally different ways, and those differences have direct security implications.
| Feature | Network Hub | Network Switch |
|---|---|---|
| OSI layer | Layer 1 (Physical) | Layer 2 (Data Link) |
| Traffic delivery | Broadcasts to all ports | Forwards to destination port only |
| MAC address awareness | No | Yes |
| VLAN support | No | Yes (managed switches) |
| Port security | No | Yes (managed switches) |
| 802.1X support | No | Yes (managed switches) |
| Packet sniffing risk | High (all traffic visible to all ports) | Low (traffic isolated per port) |
| Typical use today | Legacy/lab only | Universal standard |
The most significant practical difference is traffic isolation. A switch maintains a MAC address table and forwards each frame only to the port associated with the destination MAC address. This means a device connected to port 3 cannot passively observe traffic flowing between devices on ports 1 and 2. A hub provides no such isolation; port 3 sees everything.
Are Network Hubs Ever Used Today?
While network hubs were once a common component of network infrastructure, they are rarely used in modern networks. Network switches, which offer superior performance, security, and scalability, have largely displaced hubs in production environments.
However, there are some scenarios where hubs may still be used. For example, in certain legacy environments, hubs may still be present due to the cost and complexity of upgrading to modern network equipment. Additionally, as noted above, hubs are sometimes used in network testing and troubleshooting environments, where their traffic broadcasting behavior can be advantageous for capturing all network traffic for analysis.
In general, if you have a choice between using a hub and a switch, a switch is almost always the better option. Switches provide better performance, security, and scalability, and the cost difference between the two devices has become negligible.
Secure Your Network with SecureW2
Network hubs illustrate the risks of infrastructure that cannot control who sees what. Modern network security begins with the ability to authenticate every device before it joins the network, segment traffic by policy, and revoke access instantly when a device falls out of compliance.
SecureW2 provides the cloud-native infrastructure to make that possible. The JoinNow Cloud RADIUS platform integrates with your existing switches and wireless access points to enforce certificate-based 802.1X authentication at the point of network access, so no device without a valid, policy-matched certificate can connect. Pair it with Dynamic PKI for automated certificate lifecycle management across your entire device fleet.
If your network still relies on shared credentials, legacy access methods, or hardware that cannot enforce port-level policy, schedule a demo to see how SecureW2 can modernize your access control infrastructure.
Frequently Asked Questions
What is a network hub used for?
A network hub is used to connect multiple devices in a local area network so they can communicate with each other. It acts as a central connection point, receiving data from one device and broadcasting it to all other connected devices. Today, hubs are primarily used in legacy environments, small isolated test setups, or lab scenarios where passive traffic capture is needed.
What is the difference between a network hub and a switch?
A network hub broadcasts incoming data to every connected port, regardless of the intended destination. A network switch reads the destination MAC address of each frame and forwards it only to the appropriate port. This means a switch isolates traffic between devices, which improves both performance and security. Switches also support VLANs, port security, and 802.1X authentication; hubs support none of these.
Does a network hub have an IP address?
A standard passive or active network hub does not have an IP address. It operates at Layer 1 of the OSI model and has no awareness of IP addresses or higher-layer protocols. Intelligent (managed) hubs may have an IP address assigned to their management interface, but the hub itself does not use IP addresses to route or forward traffic.
Are network hubs still used today?
Network hubs are rarely used in modern production environments. Switches have replaced them in virtually all deployments because switches offer better performance, traffic isolation, and security at a comparable cost. The main remaining use cases for hubs are legacy environments where upgrading is not yet feasible, and isolated lab or diagnostic setups where broadcasting all traffic to all ports is intentionally useful.
