
Re: [LUG] Tools to map a network

 

On Fri, 14 May 2010, Rob Beard wrote:

> Hi folks,
>
> I'm in the process of trying to create a network diagram for a network which looks like a tin of spaghetti. Now some of the switches connected to this network are managed and give me some details about the network (although not much that I can decipher). I believe there are a couple of 10MBit hubs on this network too which I'm guessing are causing a bit of a bottleneck.
>
> So I was wondering, does anyone know of any tools which might be able to work out what is on the network (I'm thinking maybe by device MAC address) so I can try and pinpoint what is on the network?

It's hard when you've come into something that's grown "organically" over the years and my own experiences of doing this involve getting down on your hands and knees with big sheets of paper to draw on, and pads of sticky labels to label devices and cables, and manually mapping it out the hard way - for the physical side of it, anyway.

And sometimes it's easier to just rip it out and start again. Especially when in one case I did a while back you lift a floor plate and find a mass of charred cables...

As for identifying devices - you might want to use tools like ping, arping, fping and nmap - or simply even pinging the broadcast addresses then looking at the arp-cache (from a Linux box, although no doubt there are equivalent tools in the Windows world!) Won't find boxes that are turned off though... However with a list of MAC addresses, you can then look them up to find the manufacturers - sometimes handy if you find an Acer laptop hidden away on a network when they tell you they've never bought any Acers...

You may be able to snoop for switch spanning tree information - which might help, but it's not an area I've spent much time on - and if you have passive hubs, or cheap switches it's really not going to help.

Another method is to simply unplug everything and wait to see who shouts ;-) Potentially career limiting though!!!

> What I'd ideally like to achieve is to find out what is on the other end of the network port but these switches (Linksys SRW224G4) don't seem to let me do that.

What you can do here is get a Linux box with 2 Ethernet ports and plumb it in-line with the switch port and the lead coming out of it. (watch out for the need for cross-over cables) You'd need to configure the Linux box as an Ethernet switch first (bridge-tools) then you can snoop the traffic going over that port and build up a list of MAC addresses of devices connected to that port. It's invasive though in that there will be a short period of down-time when you physically unplug the connections and re-wire them through the Linux box.

However that's a nice switch and it is "manageable" in that it supports SNMP monitoring and it supports port mirroring, so if there is a spare port, you can configure it to mirror another port, then all traffic going down the mirrored port will come down the spare port too (You just need to make sure it doesn't come back!) - so you stick a Linux box in it, run tcpdump/tshark, iftop, etc. and otherwise snoop the traffic and/or the arp cache.

Good luck :)

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
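
The mirror-port approach described in the message above, as an added example that is not part of the original post: a shell function that turns `tcpdump -e -n` output into a per-port list of source MAC addresses. The interface name, the function names and the sample capture are assumptions made for illustration, and it assumes the mirror copies only frames received on the monitored port, so every source MAC belongs to a device behind that port.

```sh
#!/bin/sh
# Added example, not from the original post. Live use on the Linux box plugged
# into the mirror port (interface name eth1 is an assumption):
#   tcpdump -e -n -l -i eth1 -c 2000 2>/dev/null | mac_inventory

# Constructed sample of `tcpdump -e -n` output (locally administered MACs).
sample_capture() {
cat <<'EOF'
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
12:00:01.000100 02:aa:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.23, length 46
12:00:01.000900 02:aa:00:00:00:01 > 02:dd:00:00:00:09, ethertype IPv4 (0x0800), length 98: 192.168.1.23 > 192.168.1.1: ICMP echo request, id 7, seq 1, length 64
12:00:02.104000 02:bb:00:00:00:02 > 02:dd:00:00:00:09, ethertype ARP (0x0806), length 60: Reply 192.168.1.40 is-at 02:bb:00:00:00:02, length 46
12:00:02.500000 02:aa:00:00:00:01 > 02:dd:00:00:00:09, ethertype IPv4 (0x0800), length 98: 192.168.1.23 > 192.168.1.1: ICMP echo request, id 7, seq 2, length 64
12:00:03.000000 02:cc:00:00:00:03 > 02:dd:00:00:00:09, ethertype IPv4 (0x0800), length 74: 192.168.1.77.40112 > 192.168.1.1.53: UDP, length 32
EOF
}

# Print one line per source MAC: MAC, OUI prefix (for a manufacturer lookup),
# frame count, and the IP it claimed in ARP ("-" if it sent no ARP).
mac_inventory() {
  awk '
    # In -e output field 2 is the source MAC and field 3 is ">".
    $3 == ">" && length($2) == 17 && $2 ~ /^[0-9A-Fa-f:]+$/ {
      mac = tolower($2)
      frames[mac]++
      if ($0 ~ /ethertype ARP/) {
        for (i = 1; i < NF; i++) {
          # ARP request: "... tell <sender-ip>,"
          if ($i == "tell") { ip = $(i + 1); sub(/,$/, "", ip); ips[mac] = ip }
          # ARP reply: "<sender-ip> is-at <mac>"
          if ($(i + 1) == "is-at") ips[mac] = $i
        }
      }
    }
    END {
      for (m in frames)
        printf "%s %s %d %s\n", m, substr(m, 1, 8), frames[m], ((m in ips) ? ips[m] : "-")
    }' | sort
}

sample_capture | mac_inventory
```

More than one line of output for a single mirrored port means several devices sit behind it, which points to a hub or unmanaged switch further down the cable.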