
Given a switch S1, I’d like to guess the target port of a switch S2 to which it is wired.

I can get their updated MAC Address Table (some say Address Forwarding Table) and that’s all. I can’t enable any CDP, LLDP or any other such protocol.

So with the MAT/AFT, I know that to reach a given set of MAC addresses, I have to go through port P1 of switch S1. If S2 also holds all these MAC addresses in its MAT/AFT, I can guess that they’re most probably wired together.

I tried finding if any port of S2 holds a bunch of MACs that can be found on S1, but with this I sometimes got several candidate ports… or even none (which seems a little stupid to me). For the moment I do not analyse VLANs separately.

I wonder if anyone knows any good algorithm to infer the target port of S2?

MDMarra

1 Answer

  • Analyze VLANs separately.

Depending on the gear you're using and how it's configured, you may have a separate spanning tree topology for each given VLAN. If you're dealing with a different effective topology from one MAC address to the next, things can be a little messy, and would certainly have the potential to give you multiple candidate ports.

In general, make sure that you're checking the spanning tree status on these switches, as that can be a major factor in this kind of mapping (which inherently makes blocked links invisible to you).

  • Use known hosts for your checks.

Just because a host MAC address is known on one switch, does not necessarily mean that it's known on each switch in the broadcast domain. Switches keep their MAC tables up to date by watching traffic being sent by hosts on those ports; if all of the traffic from host A never has any need to traverse switch 2, switch 2 will forget about it. Blast some broadcast traffic from a device behind switch 2, then check the address tables.

Shane Madden
  • Thanks for the hints. I am indeed using a ping broadcast to have complete MAC address tables. Analysing VLANs separately just gives me less physical link information... and actually I don't understand how it helps guessing the target port in the sequence S1-P1---->S2-P? – Martin Pernollet Dec 07 '11 at 22:24
  • @Martin It helps by forcing traffic from that specific MAC address over the link between the two, which forces the population or update of that address into the MAC table of S2. Tracking which port that MAC's showing in S2 should give you accurate info at that point; if it's not registered at all, then there's a problem. – Shane Madden Dec 07 '11 at 22:36
  • My understanding of what you say is that it helps understanding an _outgoing_ port of S2. Let's say we have computers C1 and C2 at both ends, respectively owning MAC addresses M1 and M2 such that: C1->[P? S1 P1.1]->[P? S2 P2.1]->C2 We know from the MAT that one should traverse P1.1 and P2.1 to reach C2 since M2 is referenced on both of these ports. But I am trying to guess who is P? on S2, and unless I'm wrong, M2 should not appear on P?. I thought about looking in the ARP table of C2 if any Cx exists and then search their MAC on ports of S2, but I'm not given the chance to access the hosts :) – Martin Pernollet Dec 07 '11 at 22:58
  • Right, M1 should be in the table for both P? ports, since it's sending traffic that's ingressing to both of those ports on its way to C2. – Shane Madden Dec 07 '11 at 23:02
  • Well this information does not provide any means to guess the link between S1[P1.1] and S2[P?] :/ – Martin Pernollet Dec 08 '11 at 15:59
  • @Martin Sure it does. The traffic from M1 is coming in to S2 P?, and so S2 will get M1 in its MAC address table for P?. – Shane Madden Dec 08 '11 at 16:17
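As an added illustration (not code from the thread or from either participant), here is the rule Shane states in the last comment turned into a per-VLAN scoring pass over two MAC tables: the S2 port facing S1's P1 is the one where S2 learned the MACs that S1 learned on its *other* ports, and that never shows a MAC S1 reaches *through* P1. The switch tables, port names and MAC addresses below are constructed, and the `{vlan: {port: set_of_macs}}` layout is an assumption about how you would dump the tables.

```python
from collections import defaultdict

# Constructed sample AFTs: {vlan: {port: set of MACs}}.
# Hosts aa:.. hang off S1, hosts bb:.. hang off S2.
# S1 Gi0/24 <-> S2 Gi0/1 is the trunk between the two switches.
S1_AFT = {
    10: {"Gi0/1": {"aa:aa:aa:00:00:01"}, "Gi0/2": {"aa:aa:aa:00:00:03"},
         "Gi0/24": {"bb:bb:bb:00:00:02", "bb:bb:bb:00:00:04"}},
    20: {"Gi0/3": {"aa:aa:aa:00:00:05"}, "Gi0/24": {"bb:bb:bb:00:00:06"}},
}
S2_AFT = {
    10: {"Gi0/1": {"aa:aa:aa:00:00:01", "aa:aa:aa:00:00:03"},
         "Gi0/5": {"bb:bb:bb:00:00:02"}, "Gi0/6": {"bb:bb:bb:00:00:04"}},
    20: {"Gi0/1": {"aa:aa:aa:00:00:05"}, "Gi0/7": {"bb:bb:bb:00:00:06"}},
}


def peer_port_candidates(s1_aft, s1_port, s2_aft):
    """Return the S2 port(s) most likely wired to s1_port, scored per VLAN.

    MACs that S1 learned on ports other than s1_port live on S1's side, so
    S2 can only have learned them on its link back to S1.  MACs that S1
    learned *on* s1_port live beyond S2 and must never appear on that link.
    """
    score = defaultdict(int)
    for vlan, ports in s1_aft.items():
        if s1_port not in ports or vlan not in s2_aft:
            continue  # s1_port carries nothing in this VLAN: no evidence here
        far_side = ports[s1_port]  # hosts reached through the link
        near_side = set().union(*(m for p, m in ports.items() if p != s1_port))
        for s2_port, macs in s2_aft[vlan].items():
            if macs & far_side:
                continue  # S2 learned a far-side host here: not the uplink to S1
            hits = len(macs & near_side)
            if hits:
                score[s2_port] += hits  # one point per S1-side host seen here
    if not score:
        return []  # tables incomplete: flood from behind S2 and dump them again
    best = max(score.values())
    return sorted(p for p, s in score.items() if s == best)


if __name__ == "__main__":
    print(peer_port_candidates(S1_AFT, "Gi0/24", S2_AFT))  # trunk: ['Gi0/1']
    print(peer_port_candidates(S1_AFT, "Gi0/1", S2_AFT))   # access port: ambiguous
```

A single candidate is a confident match; several equally scored candidates (as for the access port `Gi0/1`, which has no peer on S2) or an empty list means the tables do not yet carry enough traffic history to decide.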