Re: Locating switches in a multi-layer switching environment

From: Santiago Barahona <sant-bar@xxxxxxxxx>
Date: Wed, 21 Mar 2007 08:04:38 +0100

if you have access to a port with CDP enabled you can re-negotiate to trunk mode...
check out Yersina

regards
Santiago

On 18 Mar 07, at 22:44, Ozan Ozkara wrote:

Hi,

There are many things about that. I thing that you could try to locate
port-socket based map from vendor's management software. Then, to create
supervisor VLAN on the core switch. Both this VLAN must be responsible
for central management of the network and members of vlans IPs must be
routed to all vlan network. So you will able be surf on other VLANS.

regards
-ozan

On Sun, 2007-03-18 at 01:46 +0000, Jon R. Kibler wrote:

Hi,

A network recon question: When pen testing an environment that deploys multi-layer switching, how can one reliably map the network and the relative location of all of the switches?

Add to this VLANS... How can you map VLANs that are on the network, especially if your access is but on one VLAN, and that VLAN is different than the switch management VLAN?

Thoughts, tools, tricks, white papers, etc. appreciated.

THANKS!
Jon Kibler

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

References:
- Locating switches in a multi-layer switching environment
  - From: Jon R. Kibler
- Re: Locating switches in a multi-layer switching environment
  - From: Ozan Ozkara

Prev by Date: RE: windows 2003 server
Next by Date: Re: Locating switches in a multi-layer switching environment
Previous by thread: Re: Locating switches in a multi-layer switching environment
Next by thread: Re: Locating switches in a multi-layer switching environment
Index(es):
- Date
- Thread

Relevant Pages

Re: Need guidance on Cisco 6513 install
... having this switch set up on Tuesday by noon, ... The switch itself (and other future network hardware) will be on the ... but you can always choose another vlan number and same ... In a two core environment, ...
(comp.dcom.sys.cisco)
Strange results from a tcpdump, can anyone help?
... traffic was going ballistic on most ports in the network. ... other hosts went to normal (i.e. the only traffic you could see were ... packets from the same vlan destined to other hosts outside ... If it was simply a bad switch with a bad port that had lost it's mac ...
(comp.dcom.lans.ethernet)
Re: Strange results from a tcpdump, can anyone help?
... traffic was going ballistic on most ports in the network. ... other hosts went to normal (i.e. the only traffic you could see were ... packets from the same vlan destined to other hosts outside ... If it was simply a bad switch with a bad port that had lost it's mac ...
(comp.dcom.lans.ethernet)
Re: Help with IGMP
... By default it should forward multicast traffic to all port. ... good, it clog the network. ... It switch is has no VLAN or single VLAN and all ... the layer 2 protocol to allow switch interfaces to join multcast streams. ...
(comp.dcom.sys.cisco)
Re: Locating switches in a multi-layer switching environment
... |switch| Main Computer Room ... MAC addresses are statically assigned to each port. ... but is only visible on the management VLAN. ... You could nmap the entire subnet and use trace route to find out the hope count and network path to the host you find in nmap.. ...
(Pen-Test)