Solved

Tool similar to Tracert to trace via MAC address in the LAN

Posted on 2014-09-11
Last Modified: 2014-09-24
Hi ,

We have network with a Flat structure e.g. only one VLAN.

The cabling has no labeling.  Is there a utility or application that can work like Tracert which can give us all the MAC address hops to reach the destination DNS name?

Thanks,

Roger38
Question by:Roger38
21 Comments
 
LVL 4

Expert Comment

by:exploitedj
ID: 40318283
Aside from "arp"?

Should be something like "arp HOSTNAME" depending on the OS.

If you are all truly in one VLAN/ broadcast domain you will get the mac address for that host. You shouldn't have to "go through hops".

If there were separate VLANs and you have Cisco switches (or similar functionality, in some other brands, to CDP) you can probably "traceroute mac", but your mileage may vary based on the functionality of your switches.

What are you trying to solve for? The port or switch a host is plugged into? The best place to find that out from is your switches. Is(/Are) your switch(es) managed?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40318341
exploitedj is correct, if you are a single VLAN (and we are assuming a single IP network) there should be no hops.

Hops are referred to when you have different IP networks and you have to route from one IP network to another, and possibly another, to get to a remote host.
0
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40318594
As exploitedj said, arp can give you the mac-to-ip connection, but if you have managed Cisco switches you can set port security on the switches and set these commands on the interfaces:

Switch(config)# interface interface_id
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

sticky will get mac address from host attached to interface
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40322750
If your switches are Cisco (for example) you can use the show mac address-table command.  This will show you which interface a MAC address is reachable via.
0
 

Author Comment

by:Roger38
ID: 40323053
All,

Thanks for your comments.

But my question was in relation to tracing the cable. That is, which hubs and switches (hops) it has to pass through to reach the server. This will help me to know exactly how the cable is running from the end device to the server in the server room.

As Tracert will give you the IP addresses of all the routers or hops from the host to destination, I will need a similar tool to trace my cable from the desktop to the server in one VLAN environment so that I will know what the MAC addresses of all the intermediate hubs and switches between the PC and the server are.

Can you please help?

Roger38
0
 

Author Comment

by:Roger38
ID: 40323063
Just to add I do not have Cisco switches and hubs.

Thanks,

Roger38
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40323099
Are they managed though? Like, can you log in to them? If you have Dell or HP switches they may have similar functionality, depending on the model. The more information you can provide on your switches, specific to your infrastructure, the easier it will be for people to provide specific answers. Make, model and software version are usually good places to start.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40323302
If they are managed switches you can use the same principle to find which switch a MAC address passes through.  At switch 1 you show the MAC address table - it tells you which port it is known via.  Then you go to the switch connected to that port and do the same, and so on until you find the device.

This is effectively the tracert in layer-2.
0
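The hop-by-hop lookup described in the comment above, as an added example (not part of the original thread): it parses MAC-table output saved from each managed switch and follows one MAC from port to port. The switch names, table contents and link map are constructed, and the four-column layout is an assumption modelled on Cisco's show mac address-table output.

```python
import re

# Constructed sample data: MAC-table output saved from three managed switches.
TABLES = {
    "sw-core": """Vlan    Mac Address       Type        Ports
   1    00aa.bbcc.ddee    DYNAMIC     Gi0/2
   1    0011.2233.4455    DYNAMIC     Gi0/1""",
    "sw-dist": """   1    00aa.bbcc.ddee    DYNAMIC     Gi0/3
   1    0011.2233.4455    DYNAMIC     Gi0/24""",
    "sw-access": """   1    00aa.bbcc.ddee    DYNAMIC     Fa0/7""",
}
# Constructed link map: (switch, port) -> switch cabled to that port.
LINKS = {
    ("sw-core", "Gi0/2"): "sw-dist",
    ("sw-dist", "Gi0/3"): "sw-access",
    ("sw-dist", "Gi0/24"): "sw-core",
}

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Map MAC -> port from 'vlan mac type port' rows; other lines are skipped."""
    table = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0].isdigit():
            table[norm_mac(cols[1])] = cols[3]
    return table

def l2_trace(mac, start, tables, links):
    """Follow `mac` switch by switch; returns [(switch, port), ...]."""
    mac, path, seen, switch = norm_mac(mac), [], set(), start
    while switch is not None and switch not in seen:   # `seen` stops cabling loops
        seen.add(switch)
        # A switch with no saved table (e.g. unmanaged) yields port None.
        port = parse_table(tables.get(switch, "")).get(mac)
        path.append((switch, port))
        switch = links.get((switch, port))             # None: edge port, trace ends
    return path

if __name__ == "__main__":
    for switch, port in l2_trace("00:AA:BB:CC:DD:EE", "sw-core", TABLES, LINKS):
        print(f"{switch:10} {port or 'not in table'}")
```

A hop whose port is None means that switch has no entry for the MAC, typically because it aged out; pinging the target first repopulates the tables.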
 
LVL 57

Expert Comment

by:giltjr
ID: 40323745
If you have unmanaged switches, then all you can do is start unplugging cables to see either what dies, or what lights go out.
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324009
You can script the process, if you want to do some Nancy Drew type work. If you start with the output of pinging every host in your subnet as a baseline for your host IPs, you should be able to compare a ping sweep of the subnet against that, and the host up returned would be the IP of the switch port that was unplugged. If that makes sense?
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324030
Disclaimer, all this is very intrusive...

Assuming Linux, initial scan would just be the output of a simple ping sweep to get all the host IPs. Like:

for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip" || : ; done  >> initial_scan.txt

Then use the following as you unplug stuff to tell you what you just took offline:

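#!/bin/bash
# Re-ping every host recorded in the baseline and report the ones that no longer answer.
HOSTS=initial_scan.txt
COUNT=4
# Loop over the IPs stored in the baseline file, one per line.
for myHost in $(cat "$HOSTS")
do
  # Pull the "N received" figure out of ping's summary line.
  count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
  # Treat an empty result (no summary line) as zero replies.
  if [ "${count:-0}" -eq 0 ]; then
    # 100% failed
    echo "Host : $myHost is down (ping failed)"
  fi
done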
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324032
Hopefully obviously, plugging stuff back in once you notate the port, before moving on to the next host. :)
0
 

Author Comment

by:Roger38
ID: 40324033
Some are managed switches and some are not.

On a managed switch, when I ran that command sh mac address, some ports gave different MAC addresses every time. I found that those particular ports were connected via crossover cable to another switch. But then why did the MAC address change?

Also, unplugging is out of the question, because it's a production environment.

I was hoping to find a utility that just traces the MAC address hops from the PC to the server.

Thanks,

Roger38
0
 
LVL 4

Expert Comment

by:exploitedj
ID: 40324055
Ports give different MACs or many MACs. Many makes sense for an uplink. I would have to see an example if it is something else.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40325137
There is no "mac" level trace route type command.  So the only way, if you have a managed switch, is to hope it has a command to show you the mac to port address table.

Each switch brand and sometimes model has a different command to show you this information. So it makes it difficult to create a utility.

You might be able to get this using SNMP, but you would need to find the OID for your switch.

What brand and model switches do you have?
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40325316
There is no "mac" level trace route type command.  So the only way, if you have a managed switch, is to hope it has a command to show you the mac to port address table.

Not strictly true.  Some Cisco switches (nearly all now) have a traceroute mac command which will allow you to find a MAC on the same VLAN on a distant switch.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_13_ea1/command/reference/3550cr/cli3.pdf
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40325681
craigbeck, thanks!!!  Never knew that, but there is so much stuff out there to know.  That is what is great about EE.

It looks like they have not ported this to Nexus, yet.  Hopefully they will.  Makes chasing down what port a server is on much quicker.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40325772
Pleasure, giltjr :-)

You're right - it's not available on NX-OS unfortunately.
0
 
LVL 4

Accepted Solution

by:
exploitedj earned 500 total points
ID: 40325925
This tool:

http://www.reocities.com/milicsasa/Tools/l2trace/index.html

Similarly relies on CDP (it feels like a Perl version of the Cisco utility), and since you mentioned you are not using Cisco switches it may not work (due to CDP), but I know HP switches can pass on CDP info. Still, don't know your switch types, mileage may vary, other disclaimers, etc...
0
 

Author Closing Comment

by:Roger38
ID: 40342862
Thanks.
0
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40342895
How can you mark this as the correct answer if the tool is for Cisco switches and you don't have Cisco switches to verify the solution?
0
