4

I'm on a network where most devices are DHCP. If I have a few switches between device A and a DHCP server, how can I find out what they are?

traceroute just gives me 1 hop, regardless of the number of switches between device A and the DHCP server.

Joel K
  • 5,853
  • 2
  • 30
  • 34
Justin Myles Holmes
  • 151
  • 1
  • 4

5 Answers5

6

If they are Cisco switches (high probability) and they have CDP turned on (decently high probability) then you can sniff the network for CDP traffic.

CDP is link layer protocol that can help you determine layer 2 topologies. (exactly what you're looking for)

More on the protocol: http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol

CDP is Cisco proprietary, but there are similar things from other vendors and an 'official standard called LLDP.

http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol

On most Linux hosts you can install a package called 'cdpr' that will sniff and report back a decoded CDP frame if it receives one.

The above method would let you know what switch your end point devices are plugged in to, but you'll be missing any intermediate switch hops in the middle.

If you're not seeing any CDP or LLDP frames, you can make a little bit of inference about what switching topology you're connected to by looking at the Spanning Tree addressing.

Best of Luck.

Joel K
  • 5,853
  • 2
  • 30
  • 34
1

Without having access to the switch to trace mac addresses (ie You know device A is patched to switch 1 port 10 you would then search for the mac of device B and trace it to what port it is connected to) there is no way to find out how many switches between two devices.

Payload
  • 266
  • 2
  • 7
  • I do have access to the switch. Can you explain this process a bit more or do you have a link where I can read more about it? – Justin Myles Holmes Nov 17 '10 at 01:06
  • depending on the type of switches they are basically you need to look at the arp table within the switch that device A is connected to and look for the MAC of device B. The arp table should tell you which Port that it discovered that MAC from, if that is another switch repeat this process till you find the switch that device B is connected to. Other than that, you can physically inspect the switches and probably figure it out. – Payload Nov 17 '10 at 01:14
  • 1
    You should be looking for MAC ADDRESS TABLEs not ARP tables. MAC address tables are learned mappings of mac addresses to ports. ARP tables are mappings of mac addresses to IPs. – Joel K Nov 17 '10 at 02:01
  • Yes what Joel K said, it was prior to my morning coffee :) – Payload Nov 17 '10 at 23:50
1

The only way to do this is with access to the switches themselves. If all you have access to are end hosts, it will not be possible for you to obtain information about the full topology.

If you are the network administrator, I would recommend documenting your physical topology manually ASAP. There may be open source and/or vendor tools that help you get started, but your network topology should be something you keep track of and modify in a planned way, rather than something you periodically discover.

If you are a user of the network who would like to know the topology, your best option is to speak to your administrator about making this information available through some sort of self service portal or API.

Murali Suriar
  • 10,296
  • 8
  • 41
  • 62
  • This is a very small network, and I'm already working on documenting it manually. This is actually more of an exercise than anything. I do have access to the switches, but I don't know how to inspect the arp tables as payload suggests. – Justin Myles Holmes Nov 17 '10 at 01:20
  • What brand and model of switches do you have deployed? Depending on the answer, your problem is either fairly difficult or relatively straightforward. :) – Murali Suriar Nov 18 '10 at 00:53
1

I know my answer is not exact for current topic, but i hope someone will google something similar and i can help.

So, assuming you have a box you have an access and you have a peer. You already know ip address of this peer (we will not discuss here how to determine it).

That's all. Box you have access to and ip address of the peer. You need to know is there a switch between you and peer.

Craft an arp request packet:

20:17:09.761940 ff:ff:ff:ff:ff:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.200.101 tell 10.200.200.221, length 28

Idea is having ff:ff:ff:ff:ff:ff as source mac. In case there is NO switch on your way you will receive an answer:

20:17:09.762234 08:00:27:7b:b0:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 10.200.200.101 is-at 08:00:27:7b:b0:d7, length 28

Switch will not allow arp reply with broadcast mac address. So if you DIDN'T receive answer - you DO have a switch on your way.

m0ntana
  • 11
  • 1
0

Traceroute will give you hops only on routers. Switches do not do any routing, so they are not visible to traceroute. What is the reason you want do "see" switches between?

icyrock.com
  • 1,190
  • 10
  • 17
  • Just for record keeping. I'd like to be able to create a dynamic map of the network this way. – Justin Myles Holmes Nov 17 '10 at 01:01
  • Hm... I think you are mostly out of luck here. Switches have only MAC addresses, they don't have IP addresses, so none of the IP tools (like ping and traceroute) won't see or even care there are switches. There might be some low-level tool that does this, but I am not aware of any. Hope others can shed more light... – icyrock.com Nov 17 '10 at 01:11