Re: finding layer 2 network devices

From: Volker Tanger (vtlists@wyae.de)
Date: Mon Jul 04 2005 - 18:13:00 EDT


Greetings!

On Mon, 4 Jul 2005 12:19:56 +0200
hannibal blog <hannibalsec@gmail.com> wrote:
>
> I'm trying to detect the level 2 switchers on my network.
> Do somebody knows a tool that can help ?

A few ideas:

1.) Follow the cables. Low-tech, manual labour involved, probably takes
    longer than other methods, but very accurate.

2.) Set all your (manageable) switches to port security, max. 1 MAC
    address per port (except the known spanning tree and up-/downlink
    ports of course). All ports shutting down have a repeater
    (hub/switch) attached to it.

3.) fping -ega YOURNETWORK which will give you the roundtrip time
    for each system found.
    Each meter of cable is worth approx. 5ns (=0.005ms), each switch/hub
    roughly 0.04 ms. Remember to double times for the complete roundtrip
    ==> 0.08ms for each switch, 0.01ms for each meter cable.

    So a test network with results like these will tell you:
        x.y.z.1 (0.01 ms) - the local PC
        x.y.z.2 (0.11 ms) - one hub/switch (0.08) plus 3 meter in cables
        x.y.z.3 (0.40 ms) - one switch (0.08) plus 32m cables
                            or two switches (0.16) plus 24m cables
                            or three switches (0.24) plus 16m cables
                            or four switches (0.32) plus 8m cables
                
    Which now is the real thing can be deducted from topological
    knowledge (office area is only one floor, size approx. 10x5m), thus
    cables total probably less than 20m) or correllation (if a number of
    IPs have 40ms then they probably share the same distance and
    switch).

Bye

Volker

-- 
Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:31 EDT