Re: Detecting a switch

From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 04/27/05

  • Next message: Staffan Ulfberg: "Firewall recommendations?"
    Date: 27 Apr 2005 15:17:59 GMT
    
    

    In article <d4oa0i$ho4$1@canopus.cc.umanitoba.ca>,
    Walter Roberson <roberson@ibd.nrc-cnrc.gc.ca> wrote:
    |In article <1114590799.617477.218320@o13g2000cwo.googlegroups.com>,
    | <manohar.katoch@gmail.com> wrote:
    |:Is there a tool that lets you detect if the device is a hub, unmanaged
    |:switch or a managed switch connected on a network?

    |Not reliably.

    I forgot a case:

    Some switches, such as Cisco switches, may send out proprietary
    packets such as CDP (Cisco Discovery Protocol) packets. If you see
    CDP packets and the IP embedded in the CDP matches the device
    IP, then you can be fairly sure that the device is a manageable
    Cisco device. Most non-Cisco switches will, though, pass on
    CDP instead of blocking it, so the presence of CDP packets by
    themselves is not enough.

    You can look for -hints- in factors such as the structure of
    the BPDUs and details of the spanning tree costs passed to you.
    This is not reliable.

    You can always try sending SNMP or RMON packets with a community
    of "public" or "rmon" respectively -- if the device replies then
    you know it is managed. If the device does not reply, then it
    just might not be allowing that community string, or might be
    requiring SNMP Authentication, or might be set to disallow
    SNMP from you.

    If you somehow see SYSLOG (udp 514) or SNMP Trap (UDP/TCP 162)
    from the device, you know it is managed... but see the notes
    in the previous posting about it being unlikely you would see these.

    -- 
       History is a pile of debris               -- Laurie Anderson
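
Added example, not part of the original post: a passive check for the CDP case described above. It parses one captured CDP frame and tests whether an address announced inside it is the IP of the device being examined, which fails when a switch is merely passing on another device's CDP. The sample frame, device name, MAC and IP addresses are constructed, and the CDP checksum is not verified.

```python
import ipaddress
import struct
CDP_DST = bytes.fromhex("01000ccccccc")       # CDP multicast destination MAC
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, protocol ID 0x2000

def parse_addresses(value):
    """Decode the IPv4 entries of a CDP Addresses TLV (type 0x0002)."""
    try:
        (count,) = struct.unpack_from("!I", value, 0)
        off, found = 4, []
        for _ in range(count):
            ptype, plen = value[off], value[off + 1]
            proto = value[off + 2:off + 2 + plen]
            (alen,) = struct.unpack_from("!H", value, off + 2 + plen)
            addr = value[off + 4 + plen:off + 4 + plen + alen]
            off += 4 + plen + alen
            if (ptype, proto, alen) == (1, b"\xcc", 4):   # NLPID 0xCC means IPv4
                found.append(str(ipaddress.IPv4Address(addr)))
        return found
    except (struct.error, IndexError):
        raise ValueError("malformed Addresses TLV") from None

def parse_cdp(frame):
    """Return source MAC, device ID and IPv4 addresses from one CDP frame."""
    if len(frame) < 26 or frame[:6] != CDP_DST or frame[14:22] != CDP_SNAP:
        raise ValueError("not a CDP frame")
    end = min(len(frame), 14 + struct.unpack_from("!H", frame, 12)[0])  # drop padding
    info = {"src_mac": frame[6:12].hex(":"), "device_id": None, "addresses": []}
    pos = 26                                  # skip CDP version, TTL, checksum
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError("malformed TLV")
        value = frame[pos + 4:pos + tlv_len]
        if tlv_type == 0x0001:                # Device ID
            info["device_id"] = value.decode("ascii", "replace")
        elif tlv_type == 0x0002:              # Addresses
            info["addresses"] = parse_addresses(value)
        pos += tlv_len
    return info

def cdp_matches_device(frame, device_ip):     # relayed CDP carries another device's IP
    return device_ip in parse_cdp(frame)["addresses"]

# Constructed sample frame: documentation MAC/IP ranges, CDP checksum left as zero.
_tlvs = (struct.pack("!HH", 1, 13) + b"sw-lab-01"
         + struct.pack("!HHIBBBH", 2, 17, 1, 1, 1, 0xCC, 4) + bytes([192, 0, 2, 10]))
SAMPLE_FRAME = (CDP_DST + bytes.fromhex("00005e005301") + struct.pack("!H", 12 + len(_tlvs))
                + CDP_SNAP + b"\x02\xb4\x00\x00" + _tlvs)
```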
    
