Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5597
  • Last Modified:

Tool similar to Tracert to trace via MAC address in the LAN

Hi ,

We have network with a Flat structure e.g. only one VLAN.

The cabling has no labeling.  Is there a utility or application that can work like Tracert which can give us all the MAC address hops to reach the destination DNS name?

Thanks,

Roger38
0
Roger38
Asked:
Roger38
  • 7
  • 5
  • 4
  • +2
1 Solution
 
exploitedjCommented:
Aside from "arp"?

Should be something like "arp HOSTNAME" depending on the OS.

If you are all truly in one VLAN/ broadcast domain you will get the mac address for that host. You shouldn't have to "go through hops".

If there were separate VLANs and you have Cisco switches (or similar functionality, in some other brands, to CDP) you can probably "traceroute mac", but your milage may vary based on the functionality of your switches.

What are you trying to solve for? The port or switch a host is plugged into? The best place to find that out from is your switches. Is(/Are) your switch(es) managed?
0
 
giltjrCommented:
exploitedj is correct, if you are a single VLAN (and we are assuming a single IP network) there should be no hops.

Hops are referred to when you have different IP networks and you have to route from one IP network to another, and possibly another, to get to a remote host,
0
 
PredragNetwork EngineerCommented:
as exploitedj said arp can give you mac-to-ip connection, but if you have managed cisco switches you can set port security on switches and set command on interfaces        

Switch(config)# interface interface_id
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky

sticky will get mac address from host attached to interface
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
Craig BeckCommented:
If your switches are Cisco (for example) you can use the show mac address-table command.  This will show you which interface a MAC address is reachable via.
0
 
Roger38Author Commented:
All,

Thanks for your comments.

But my questions was in relation to tracing the cable. That's is, which hubs and switches (hops) it  has to pass through to reach the server. This will help me to know exactly how the cable is running from the end device to the server in the server room.

As Tracert will give you the IP addresses of all the routers or hops from the host to destination, I will need a similar tool to trace my cable from the desktop to the server in one VLAN environment so that I will know what are the MAC addresses of all the intermediate hubs and switched are between the PC and the server.

Can you please help?

Roger38
0
 
Roger38Author Commented:
Just to add I do not have Cisco switches and hubs.

Thanks,

Roger38
0
 
exploitedjCommented:
Are they managed though? Like can you login to them? If you have Dell or Hp switches they may have similar functionality. Depending on the model. The more information you can provide on your switches, specific to your infrastructure, the easier it will be for people to provide specific answers. Make model and software version are usually good places to start.
0
 
Craig BeckCommented:
If they are managed switches you can use the same principle to find which switch a MAC address passes through.  At switch 1 you show the MAC address table - it tells you which port it is known via.  Then you go to the switch connected to that port and do the same, and so on until you find the device.

This is effectively the tracert in layer-2.
0
 
giltjrCommented:
If you have unmanaged switches, then all you can do is start unplugging cables to see either what dies, or what lights go out.
0
 
exploitedjCommented:
You can script the process, if you want to do some nancy drew type work. If you start with the output of pinging every host in your subnet as a baseline for your host IPs, you should be able to compare a ping sweep of the subnet against that, and the host up returned would be the IP of the switch port that was unplugged. If that makes sense?
0
 
exploitedjCommented:
Disclaimer, all this is very intrusive...

Assuming Linux, initial scan would just be the output of a simple ping sweep to get all the host IPs. Like:

for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip" || : ; done  >> initial_scan.txt

Then use the following as you unplug stuff to tell you what you just took offline:

#!/bin/bash
HOSTS=initial_scan.txt
COUNT=4
for myHost in $HOSTS
do
  count=$(ping -c $COUNT $myHost | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
  if [ $count -eq 0 ]; then
    # 100% failed
    echo "Host : $myHost is down (ping failed)"
  fi
done
0
 
exploitedjCommented:
Hopefully obviously, plugging stuff back in once you notate the port, before moving on to the next host. :)
0
 
Roger38Author Commented:
Some are managed switches and some are not.

On managed switch when I ran that command sh mac address, some ports give different mac addresses ever time. I found that particular ports were connected via Cross over cable to another switch. But then Why did the MAC address changed?

Also unplugging is out of question, because its production environment.

I was hoping o find a utility that just trace the MAC address hops from PC to the server.

Thanks,

Roger38
0
 
exploitedjCommented:
Ports give different MACs or many MACs. Many makes sense for an uplink. I would have to see an example if it is something else.
0
 
giltjrCommented:
There is no "mac" level trace route type command.  So the only way is if you have a managed switched is hope it has a command to show you the mac to port address table.

Each switch brand and sometimes model has a different command to show you this information. So it makes it difficult to create a utility.

You might be able to get this using SNMP, but you would need to find the OID for your switch.

What brand and model switches do you have?
0
 
Craig BeckCommented:
There is no "mac" level trace route type command.  So the only way is if you have a managed switched is hope it has a command to show you the mac to port address table.

Not strictly true.  Some Cisco switches (nearly all now) have a traceroute mac command which will allow you to find a MAC on the same VLAN on a distant switch.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_13_ea1/command/reference/3550cr/cli3.pdf
0
 
giltjrCommented:
craigbeck, thanks!!!  Never knew that, but there is soo much stuff out there to know.  That is what is great about EE.

It looks like they have not ported this to Nexus, yet.  Hopefully they will.  Makes chasing down what port a server is on much quicker.
0
 
Craig BeckCommented:
Pleasure, giltjr :-)

You're right - it's not available on NX-OS unfortunately.
0
 
exploitedjCommented:
This tool:

http://www.reocities.com/milicsasa/Tools/l2trace/index.html

Similarly relies on CDP, (it feels like a perl version of the Cisco utility)  and since you mentioned you are not using Cisco switches it may not work (due to CDP), but I know HP switches can pass on CDP info. Still, don't know your switch types, milage may vary, other disclaimers, etc...
0
 
Roger38Author Commented:
Thanks.
0
 
Craig BeckCommented:
How can you mark this as the correct answer if the tool is for Cisco switches and you don't have Cisco switches to verify the solution?
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

  • 7
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now