?
Solved

Tool similar to Tracert to trace via MAC address in the LAN

Posted on 2014-09-11
21
Medium Priority
?
4,431 Views
Last Modified: 2014-09-24
Hi ,

We have network with a Flat structure e.g. only one VLAN.

The cabling has no labeling.  Is there a utility or application that can work like Tracert which can give us all the MAC address hops to reach the destination DNS name?

Thanks,

Roger38
0
Comment
Question by:Roger38
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
  • 4
  • +2
21 Comments
 
LVL 4

Expert Comment

by:exploitedj
ID: 40318283
Aside from "arp"?

Should be something like "arp HOSTNAME" depending on the OS.

If you are all truly in one VLAN/ broadcast domain you will get the mac address for that host. You shouldn't have to "go through hops".

If there were separate VLANs and you have Cisco switches (or similar functionality, in some other brands, to CDP) you can probably "traceroute mac", but your milage may vary based on the functionality of your switches.

What are you trying to solve for? The port or switch a host is plugged into? The best place to find that out from is your switches. Is(/Are) your switch(es) managed?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40318341
exploitedj is correct, if you are a single VLAN (and we are assuming a single IP network) there should be no hops.

Hops are referred to when you have different IP networks and you have to route from one IP network to another, and possibly another, to get to a remote host,
0
 
LVL 30

Expert Comment

by:Predrag
ID: 40318594
as exploitedj said arp can give you mac-to-ip connection, but if you have managed cisco switches you can set port security on switches and set command on interfaces        

Switch(config)# interface interface_id
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

sticky will get mac address from host attached to interface
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 46

Expert Comment

by:Craig Beck
ID: 40322750
If your switches are Cisco (for example) you can use the show mac address-table command.  This will show you which interface a MAC address is reachable via.
0
 

Author Comment

by:Roger38
ID: 40323053
All,

Thanks for your comments.

But my questions was in relation to tracing the cable. That's is, which hubs and switches (hops) it  has to pass through to reach the server. This will help me to know exactly how the cable is running from the end device to the server in the server room.

As Tracert will give you the IP addresses of all the routers or hops from the host to destination, I will need a similar tool to trace my cable from the desktop to the server in one VLAN environment so that I will know what are the MAC addresses of all the intermediate hubs and switched are between the PC and the server.

Can you please help?

Roger38
0
 

Author Comment

by:Roger38
ID: 40323063
Just to add I do not have Cisco switches and hubs.

Thanks,

Roger38
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40323099
Are they managed though? Like can you login to them? If you have Dell or Hp switches they may have similar functionality. Depending on the model. The more information you can provide on your switches, specific to your infrastructure, the easier it will be for people to provide specific answers. Make model and software version are usually good places to start.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40323302
If they are managed switches you can use the same principle to find which switch a MAC address passes through.  At switch 1 you show the MAC address table - it tells you which port it is known via.  Then you go to the switch connected to that port and do the same, and so on until you find the device.

This is effectively the tracert in layer-2.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40323745
If you have unmanaged switches, then all you can do is start unplugging cables to see either what dies, or what lights go out.
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324009
You can script the process, if you want to do some nancy drew type work. If you start with the output of pinging every host in your subnet as a baseline for your host IPs, you should be able to compare a ping sweep of the subnet against that, and the host up returned would be the IP of the switch port that was unplugged. If that makes sense?
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324030
Disclaimer, all this is very intrusive...

Assuming Linux, initial scan would just be the output of a simple ping sweep to get all the host IPs. Like:

for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip" || : ; done  >> initial_scan.txt

Then use the following as you unplug stuff to tell you what you just took offline:

#!/bin/bash
HOSTS=initial_scan.txt
COUNT=4
for myHost in $HOSTS
do
  count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
  if [ $count -eq 0 ]; then
    # 100% failed
    echo "Host : $myHost is down (ping failed)"
  fi
done
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324032
Hopefully obviously, plugging stuff back in once you notate the port, before moving on to the next host. :)
0
 

Author Comment

by:Roger38
ID: 40324033
Some are managed switches and some are not.

On managed switch when I ran that command sh mac address, some ports give different mac addresses ever time. I found that particular ports were connected via Cross over cable to another switch. But then Why did the MAC address changed?

Also unplugging is out of question, because its production environment.

I was hoping o find a utility that just trace the MAC address hops from PC to the server.

Thanks,

Roger38
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324055
Ports give different MACs or many MACs. Many makes sense for an uplink. I would have to see an example if it is something else.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40325137
There is no "mac" level trace route type command.  So the only way is if you have a managed switched is hope it has a command to show you the mac to port address table.

Each switch brand and sometimes model has a different command to show you this information. So it makes it difficult to create a utility.

You might be able to get this using SNMP, but you would need to find the OID for your switch.

What brand and model switches do you have?
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40325316
There is no "mac" level trace route type command.  So the only way is if you have a managed switched is hope it has a command to show you the mac to port address table.

Not strictly true.  Some Cisco switches (nearly all now) have a traceroute mac command which will allow you to find a MAC on the same VLAN on a distant switch.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_13_ea1/command/reference/3550cr/cli3.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40325681
craigbeck, thanks!!!  Never knew that, but there is soo much stuff out there to know.  That is what is great about EE.

It looks like they have not ported this to Nexus, yet.  Hopefully they will.  Makes chasing down what port a server is on much quicker.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40325772
Pleasure, giltjr :-)

You're right - it's not available on NX-OS unfortunately.
0
 
LVL 4

Accepted Solution

by:
exploitedj earned 2000 total points
ID: 40325925
This tool:

http://www.reocities.com/milicsasa/Tools/l2trace/index.html

Similarly relies on CDP, (it feels like a perl version of the Cisco utility)  and since you mentioned you are not using Cisco switches it may not work (due to CDP), but I know HP switches can pass on CDP info. Still, don't know your switch types, milage may vary, other disclaimers, etc...
0
 

Author Closing Comment

by:Roger38
ID: 40342862
Thanks.
0
 
LVL 46

Expert Comment

by:Craig Beck
ID: 40342895
How can you mark this as the correct answer if the tool is for Cisco switches and you don't have Cisco switches to verify the solution?
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question