What Is a Hub?
A hub is a Layer 1 device — it operates purely at the physical layer of the OSI model. When a device connected to a hub transmits an electrical signal, the hub's only job is to amplify and repeat that signal out of every other port simultaneously. It has no awareness of MAC addresses, no memory of which device is connected to which port, and no ability to make any forwarding decisions whatsoever.
Every device plugged into a hub exists in the same collision domain. Because the hub broadcasts every signal to everyone, only one device can transmit at a time. If two devices transmit simultaneously, their signals collide — both signals become garbled, and both devices must wait a random backoff period before trying again. This mechanism is called CSMA/CD (Carrier Sense Multiple Access with Collision Detection), and it is the defining characteristic of hub-based networks.
As more devices are added to a hub, the problem compounds. With eight devices sharing a hub, the probability of collisions rises sharply, and the effective throughput per device drops far below what the raw link speed suggests.
What Is a Network Switch?
A switch operates at Layer 2 — the data link layer. Unlike a hub, a switch is intelligent. When a frame arrives on one of its ports, the switch reads the source MAC address and records which port that address is connected to in an internal MAC address table (also called a CAM table). When a frame arrives destined for a known MAC address, the switch sends it exclusively to the port associated with that address.
Because the switch makes intelligent forwarding decisions, each port on a switch is its own isolated collision domain. Two devices on different ports of a switch can transmit simultaneously without any interference. This is fundamentally different from a hub, where all devices share a single collision domain regardless of how many ports the hub has.
Switches also support full-duplex operation on each port. A device connected to a switch port can transmit and receive at the same time, effectively doubling the available bandwidth on that link compared to the half-duplex operation forced by hub environments.
The Collision Domain Problem in Detail
To understand why hubs fail at scale, consider a simple example. Suppose eight workstations are connected to a 100 Mbps hub. All eight devices share that 100 Mbps. In practice, because CSMA/CD forces them to take turns and because collisions waste time in retransmissions, the actual usable throughput across all eight devices might be well under half the theoretical maximum — and it degrades further as traffic increases.
Now connect those same eight workstations to a 100 Mbps switch. Each port has a dedicated 100 Mbps full-duplex connection. Two computers transferring a file to each other do not slow down a third computer downloading from the internet, because the switch forwards each conversation independently. The total switching capacity of an 8-port 100 Mbps switch is 800 Mbps of simultaneous throughput — eight times what the hub could provide.
Security: A Critical Difference
Because a hub sends every frame to every port, any device connected to a hub can put its network interface into promiscuous mode and capture all traffic on the network. This makes packet sniffing trivially easy — a malicious device on the same hub sees the unencrypted conversations of every other device. On a switch, a device normally only sees its own traffic (plus broadcast frames). An attacker would need to perform more sophisticated attacks like ARP poisoning or MAC flooding to intercept other devices' traffic on a switched network.
Switch vs Hub Comparison
| Characteristic | Hub | Switch |
|---|---|---|
| OSI Layer | Layer 1 (Physical) | Layer 2 (Data Link) |
| Forwarding method | Broadcasts to all ports | Sends to correct port only |
| Collision domain | All ports share one | Each port is its own |
| Duplex mode | Half-duplex only | Full-duplex per port |
| Bandwidth | Shared across all ports | Dedicated per port |
| MAC address table | None | Yes (CAM table) |
| Security | All traffic visible to all ports | Traffic isolated per port |
| Recommended use | Legacy / none | All modern networks |
Why Hubs Still Exist (Barely)
Hubs are not manufactured for general network use anymore. However, you will occasionally see them mentioned in specific test environments. Because a hub broadcasts every frame to every port, a laptop plugged into an unused port on a hub will see all traffic on that segment — making a hub useful as a passive network tap when you want to capture traffic without inserting an inline device. That said, dedicated network tap hardware does this more cleanly, without the bandwidth and half-duplex limitations of a hub.
In every other context, if you are considering a hub, buy a switch instead. The cost difference between a basic unmanaged switch and a hub is negligible, and the performance and security improvement is enormous.
What About a "Dumb Switch"?
The term "dumb switch" is informal shorthand for an unmanaged switch — a switch with no configuration interface that simply forwards traffic based on MAC addresses. A dumb switch is still dramatically superior to a hub because it maintains a MAC address table and provides per-port collision domains and full-duplex operation. "Dumb" refers only to the absence of management features, not to any architectural similarity with hubs.
Frequently Asked Questions
What is the main difference between a switch and a hub?
A switch reads the destination MAC address of each incoming frame and forwards it only to the port where that device is connected. A hub has no intelligence — it simply repeats every electrical signal out of every port simultaneously. This means all devices connected to a hub share the same collision domain and compete for bandwidth, while devices on a switch each get dedicated bandwidth per port.
Are hubs still used today?
Hubs are virtually obsolete in modern networks. They are occasionally used in specialized test environments as a passive network tap — to allow a packet capture device to see all traffic on a segment — but dedicated network tap hardware does this more cleanly. For any normal network use, a switch is always the correct choice.
What is a collision domain?
A collision domain is a network segment where only one device can transmit data at a time. If two devices transmit simultaneously in the same collision domain, their signals collide and both must retransmit. All ports on a hub share a single collision domain. A switch gives each port its own collision domain, so any two devices can transmit simultaneously without interfering with each other.
Can I replace a hub with a switch?
Yes, and you almost certainly should. A switch is a drop-in replacement for a hub — you connect devices to the ports in exactly the same way. The switch will immediately begin learning MAC addresses and sending traffic only to the correct ports, improving both performance and security without any configuration required.
Why is full-duplex important?
Full-duplex allows a device to transmit and receive data at the same time on the same connection. Hubs operate in half-duplex, meaning a device can only transmit or receive at any given moment, not both simultaneously. Switches support full-duplex on each port, effectively doubling the usable bandwidth of the link and eliminating the need for collision detection (CSMA/CD) entirely.
Does a hub affect network speed?
Yes, significantly. On a hub, all connected devices share the total available bandwidth. If the hub runs at 100 Mbps and eight devices are connected, that 100 Mbps is shared across all of them collectively. Additionally, collisions force retransmissions that waste bandwidth. A switch provides the full link speed to each port independently, so each device gets its own dedicated bandwidth rather than competing for a shared pool.