Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Network Map Algorithm that Detects Unmanaged Layer 2 Switches?

I've inherited a network spread out over a warehouse/front office consisting of approximately 50 desktop PCs, various servers, network printers, and routers/switches.

The "intelligent" routers live in the server room. As the company has grown, we've annexed additional space and not very elegantly run various lengths of CAT5 thru the ceilings etc. I've been finding various hubs and switches in the ceilings -- none of which is labeled or documented in any way.

Of course, das blinken-lights tell me that someone is connected to these devices, I just have no way of finding out who.

I can run traditional network map tools (there are tons of these things) and it shows me the IP-based things in the network. That's nice, but information I already have. What I need to know is the network topology -- how the switches (bridges) are interconnected etc.. And since they are off-the-shelf linksys unmanaged-types, they don't respond to SNMP so I can't use that...

What's the best/cheapest tool out there that I can use to analyze and detect things like hubs and switches in the network that don't respond to SNMP?

If there's no tool that you're aware of -- what generalized algorithm would you suggest to find this out? My guess would be that I could look at the MAC forward tables for the devices (switches, desktops, etc.) and build a chain that way, but I don't know if it's possible to get that from an unmanaged switch (let alone a hub).

(This patent has some neat ideas but I can't find any software built with it: http://www.freepatentsonline.com/6628623.html)

Thanks!!

like image 358
Matt Rogish Avatar asked Sep 17 '08 04:09

Matt Rogish


People also ask

Can you detect an unmanaged switch?

Unmanaged switches are untraceable An unmanaged switch comes pre-configured and simply allows the devices to communicate with one another. These are Datalink Layer (referring to the OSI layer model) devices and do not have IP addresses and therefore ICMP tools such as traceroute cannot be used to trace the device.

How do I find an unmanaged switch?

One way is to list the mac address table on the managed switches and look for ports with multiple mac addresses with are not links to other known switches. Then, using arp lookup and ping -a, you can find the ip address/dns names of the hosts connected to the unmanaged switches.

Is layer 2 switch unmanaged?

Network LayerThe Unmanaged switch is a data link layer device (layer 2). It records the MAC addresses of the computers connected to it in a tabular format. When the data packet arrives, it reads the destination address and sends it to the appropriate system rather than sending it to all connected devices.

Do unmanaged switches use Spanning Tree?

Unmanaged switches do not have STP period as others have stated. Changing the switch mode will cause a restart and a reconfiguration.


2 Answers

An idea could be to use a program like 3com network director trial version (or The Dude). Use it to discover all of your workstations and anything else with an IP address.

Wait for a quiet time and unplug each hub/switch ... you'll then at least begin to be able to make a map, the rest will be crawling about following cables. Network administration does mean getting dirty.

like image 60
Tubs Avatar answered Sep 24 '22 22:09

Tubs


You probably can't explicitly detect unmanaged devices... but you have MAC -> switch port mappings, on your managed ones, right? If so, you should be able to infer the presence of unmanaged switches / hubs with more than one connected client -- I don't know how you'd find a port with only one.

  1. Record the MAC addresses of all smart switches and client devices
  2. Start from one of your known smart switches
  3. For each port on the switch, list the MAC addresses it's forwarding. If it lists one client, it's direct. If it's more than one and none of the addresses are in your known switch MACs, you've got a dumb switch. If it's more than one and one address is in your set of known switches, recurse on this switch.

You probably don't have any accidental loops in your network topology (or your network probably wouldn't work) so you can probably assume a tree structure outside your core.

like image 22
Nate Avatar answered Sep 23 '22 22:09

Nate