Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: layer-2 tracking

0 views
Skip to first unread message

Rick Jones

unread,
Aug 21, 2008, 1:05:22 PM8/21/08
to
sali <sa...@euroherc.hr> wrote:
> we have ethernet network with many segments, something like campus,
> quite a lot of cascading switches, most of them unmanageable.
> sometimes, we have guests who come with their notebuk and attaches
> to the lan. their ip address is all i may notice, but is har to
> detect where is it located, which part of campus

> is there some tool to trace on which switch is the computer with
> particular ip address attached? something like "tracert" command
> does, telling me over which routers is the computer connecte. but,
> in my case, i will like to trace not layer-3, but layer-2 info, i
> mean to check switches [supposing each port on each switch has its
> own layer-2 address, is it correct?]

Not with unmanaged switches.

With managed switches you would examine the forwarding tables on the
switches looking to see out which port traffic for that laptops MAC
address goes. Any MAC address on a switch isn't really interesting in
this exercise.

The other option is to start wandering around with a packet sniffer,
connecting it inline on ports here and there looking for traffic
to/from the MAC address in question.

This is probably as much a question for comp.dcom.lans.ethernet as
anything else, so I've set followups to that group.

rick jones
--
denial, anger, bargaining, depression, acceptance, rebirth...
where do you want to be today?
these opinions are mine, all mine; HP might not want them anyway... :)
feel free to post, OR email to rick.jones2 in hp.com but NOT BOTH...

jpd

unread,
Aug 21, 2008, 1:27:52 PM8/21/08
to
On Thu, 21 Aug 2008 17:05:22 +0000 (UTC),
Rick Jones <rick....@hp.com> wrote:
> With managed switches you would examine the forwarding tables on the
> switches looking to see out which port traffic for that laptops MAC
> address goes. Any MAC address on a switch isn't really interesting in
> this exercise.

Not really difficult, either. We've built numerous of those over the
years. SNMP and some scripting is all you need, though knowledge of
the layout can speed up tracing considerably.

It brings up another question, which should probably go in a more SNMP
related newsgroup, but for ethernet devices I might as well ask here
initially:

Are there still devices around that support the snmp packet capture mib?


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.

0 new messages