Menu
I've inherited a network spread out over a warehouse/front office consisting of approximately 50 desktop PCs, various servers, network printers, and routers/switches.
The "intelligent" routers live in the server room. As the company has grown, we've annexed additional space and not very elegantly run various lengths of CAT5 thru the ceilings etc. I've been finding various hubs and switches in the ceilings -- none of which is labeled or documented in any way.
Of course, das blinken-lights tell me that someone is connected to these devices, I just have no way of finding out who.
I can run traditional network map tools (there are tons of these things) and it shows me the IP-based things in the network. That's nice, but information I already have. What I need to know is the network topology -- how the switches (bridges) are interconnected etc.. And since they are off-the-shelf linksys unmanaged-types, they don't respond to SNMP so I can't use that...
What's the best/cheapest tool out there that I can use to analyze and detect things like hubs and switches in the network that don't respond to SNMP?
If there's no tool that you're aware of -- what generalized algorithm would you suggest to find this out? My guess would be that I could look at the MAC forward tables for the devices (switches, desktops, etc.) and build a chain that way, but I don't know if it's possible to get that from an unmanaged switch (let alone a hub).
(This patent has some neat ideas but I can't find any software built with it: http://www.freepatentsonline.com/6628623.html)
Thanks!!
358
Unmanaged switches are untraceable An unmanaged switch comes pre-configured and simply allows the devices to communicate with one another. These are Datalink Layer (referring to the OSI layer model) devices and do not have IP addresses and therefore ICMP tools such as traceroute cannot be used to trace the device.
One way is to list the mac address table on the managed switches and look for ports with multiple mac addresses with are not links to other known switches. Then, using arp lookup and ping -a, you can find the ip address/dns names of the hosts connected to the unmanaged switches.
Network LayerThe Unmanaged switch is a data link layer device (layer 2). It records the MAC addresses of the computers connected to it in a tabular format. When the data packet arrives, it reads the destination address and sends it to the appropriate system rather than sending it to all connected devices.
Unmanaged switches do not have STP period as others have stated. Changing the switch mode will cause a restart and a reconfiguration.
An idea could be to use a program like 3com network director trial version (or The Dude). Use it to discover all of your workstations and anything else with an IP address.
Wait for a quiet time and unplug each hub/switch ... you'll then at least begin to be able to make a map, the rest will be crawling about following cables. Network administration does mean getting dirty.
60
You probably can't explicitly detect unmanaged devices... but you have MAC -> switch port mappings, on your managed ones, right? If so, you should be able to infer the presence of unmanaged switches / hubs with more than one connected client -- I don't know how you'd find a port with only one.
You probably don't have any accidental loops in your network topology (or your network probably wouldn't work) so you can probably assume a tree structure outside your core.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
