From: Volker Tanger (vtlists@wyae.de)
Date: Mon Jul 04 2005 - 18:13:00 EDT
Greetings!
On Mon, 4 Jul 2005 12:19:56 +0200
hannibal blog <hannibalsec@gmail.com> wrote:
>
> I'm trying to detect the level 2 switches on my network.
> Does somebody know a tool that can help?
A few ideas:
1.) Follow the cables. Low-tech, manual labour involved, probably takes
longer than other methods, but very accurate.
2.) Set all your (manageable) switches to port security, max. 1 MAC
address per port (except the known spanning tree and up-/downlink
ports of course). All ports shutting down have a repeater
(hub/switch) attached to it.
3.) fping -ega YOURNETWORK which will give you the roundtrip time
for each system found.
Each meter of cable is worth approx. 5ns (=0.005ms), each switch/hub
roughly 0.04 ms. Remember to double times for the complete roundtrip
==> 0.08ms for each switch, 0.01ms for each meter cable.
So a test network with results like these will tell you:
x.y.z.1 (0.01 ms) - the local PC
x.y.z.2 (0.11 ms) - one hub/switch (0.08) plus 3 meter in cables
x.y.z.3 (0.40 ms) - one switch (0.08) plus 32m cables
                    or two switches (0.16) plus 24m cables
                    or three switches (0.24) plus 16m cables
                    or four switches (0.32) plus 8m cables
Which now is the real thing can be deduced from topological
knowledge (office area is only one floor, size approx. 10x5m, thus
cables total probably less than 20m) or correlation (if a number of
IPs have 40ms then they probably share the same distance and
switch).
Bye
Volker
-- 
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
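The round-trip arithmetic from the message above, as an added example that is not part of the original post: it parses output in the "address (rtt ms)" shape shown there, lists every switch/cable combination that fits each RTT, prunes by a maximum cable length, and groups hosts with equal RTT. It also reports the zero-switch and zero-cable combinations the post does not list. The sample lines, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

SWITCH_US = 80       # round-trip cost per switch/hub (0.08 ms, from the post)
CABLE_US_PER_M = 10  # round-trip cost per metre of cable (0.01 ms, from the post)
LINE_RE = re.compile(r"^(\S+)\s+\((\d+(?:\.\d+)?) ms\)$")

# Constructed sample in the "address (rtt ms)" shape shown in the post;
# addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """\
192.0.2.1 (0.01 ms)
192.0.2.2 (0.11 ms)
192.0.2.3 (0.40 ms)
192.0.2.4 (0.40 ms)
"""

def parse_fping(text):
    """Return {address: rtt_ms}, skipping lines that carry no timing."""
    hosts = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hosts[m.group(1)] = float(m.group(2))
    return hosts

def candidates(rtt_ms, max_cable_m):
    """All (switches, cable_metres) pairs that add up to rtt_ms."""
    total_us = round(rtt_ms * 1000)   # integer microseconds avoid float drift
    found = []
    for switches in range(total_us // SWITCH_US + 1):
        metres = round((total_us - switches * SWITCH_US) / CABLE_US_PER_M)
        if metres <= max_cable_m:     # topological knowledge prunes the list
            found.append((switches, metres))
    return found

def group_by_rtt(hosts):
    """Hosts with the same RTT probably share distance and switch path."""
    groups = defaultdict(list)
    for addr, rtt in hosts.items():
        groups[rtt].append(addr)
    return dict(groups)

if __name__ == "__main__":
    hosts = parse_fping(SAMPLE)
    for rtt, addrs in sorted(group_by_rtt(hosts).items()):
        print(f"{rtt:.2f} ms {addrs}: {candidates(rtt, max_cable_m=20)}")
```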