Determine switches between devices on LAN

Solution 1:

If they are Cisco switches (high probability) and they have CDP turned on (decently high probability) then you can sniff the network for CDP traffic.

CDP is a link layer protocol that can help you determine layer 2 topologies (exactly what you're looking for).

More on the protocol: http://en.wikipedia.org/wiki/Cisco_Discovery_Protocol

CDP is Cisco proprietary, but there are similar things from other vendors and an official standard called LLDP.

http://en.wikipedia.org/wiki/Link_Layer_Discovery_Protocol

On most Linux hosts you can install a package called 'cdpr' that will sniff and report back a decoded CDP frame if it receives one.

The above method would let you know what switch your end point devices are plugged in to, but you'll be missing any intermediate switch hops in the middle.

If you're not seeing any CDP or LLDP frames, you can make a little bit of inference about what switching topology you're connected to by looking at the Spanning Tree addressing.

Best of Luck.
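
Added example (not part of the original answer, and not cdpr's code): a minimal decoder for the LLDP frames mentioned in Solution 1, run on a constructed frame, showing which fields identify the switch and port an end host is plugged in to. It assumes an untagged Ethernet II frame; the switch name, port name and MAC address are made-up sample values.

```python
import struct

LLDP_ETHERTYPE = 0x88CC
TLV_NAMES = {1: "chassis_id", 2: "port_id", 3: "ttl", 4: "port_description", 5: "system_name"}
MAC_SUBTYPE = {1: 4, 2: 3}  # subtype meaning "MAC address" for chassis ID / port ID TLVs

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_lldp(frame: bytes) -> dict:
    """Decode an untagged Ethernet II frame carrying an LLDPDU into neighbour details."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != LLDP_ETHERTYPE:
        raise ValueError(f"not LLDP (ethertype 0x{ethertype:04x})")
    info = {"src_mac": mac(frame[6:12])}
    pos = 14
    while pos + 2 <= len(frame):
        # TLV header: 7-bit type followed by 9-bit length
        header = struct.unpack("!H", frame[pos:pos + 2])[0]
        tlv_type, tlv_len = header >> 9, header & 0x1FF
        value = frame[pos + 2:pos + 2 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV")
        pos += 2 + tlv_len
        if tlv_type == 0:  # End of LLDPDU
            break
        name = TLV_NAMES.get(tlv_type)
        if name is None:  # skip TLVs this example does not decode
            continue
        if tlv_type in MAC_SUBTYPE and value:
            subtype, ident = value[0], value[1:]
            is_mac = subtype == MAC_SUBTYPE[tlv_type]
            info[name] = mac(ident) if is_mac else ident.decode("ascii", "replace")
        elif tlv_type == 3:
            info[name] = int.from_bytes(value, "big")  # seconds the advertisement stays valid
        else:
            info[name] = value.decode("utf-8", "replace")
    return info

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

# Constructed sample frame (not captured from a real network).
SAMPLE = (bytes.fromhex("0180c200000e") + bytes.fromhex("020000000001") + b"\x88\xcc"
          + tlv(1, b"\x04" + bytes.fromhex("020000000001")) + tlv(2, b"\x05Gi1/0/10")
          + tlv(3, struct.pack("!H", 120)) + tlv(5, b"access-sw-01") + tlv(0, b""))

if __name__ == "__main__":
    print(parse_lldp(SAMPLE))
```

The chassis ID and port ID are the two values to record per end host; hosts reporting the same chassis ID share a directly attached switch.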

Solution 2:

Without having access to the switch to trace MAC addresses (i.e. you know device A is patched to switch 1 port 10; you would then search for the MAC of device B and trace it to the port it is connected to), there is no way to find out how many switches are between two devices.

Solution 3:

The only way to do this is with access to the switches themselves. If all you have access to are end hosts, it will not be possible for you to obtain information about the full topology.

If you are the network administrator, I would recommend documenting your physical topology manually ASAP. There may be open source and/or vendor tools that help you get started, but your network topology should be something you keep track of and modify in a planned way, rather than something you periodically discover.

If you are a user of the network who would like to know the topology, your best option is to speak to your administrator about making this information available through some sort of self service portal or API.

Solution 4:

I know my answer is not exact for the current topic, but I hope someone will google something similar and I can help.

So, assume you have a box you have access to and you have a peer. You already know the IP address of this peer (we will not discuss here how to determine it).

That's all: a box you have access to and the IP address of the peer. You need to know whether there is a switch between you and the peer.

Craft an ARP request packet:

20:17:09.761940 ff:ff:ff:ff:ff:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.200.200.101 tell 10.200.200.221, length 28

The idea is to have ff:ff:ff:ff:ff:ff as the source MAC. In case there is NO switch on your way, you will receive an answer:

20:17:09.762234 08:00:27:7b:b0:d7 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 10.200.200.101 is-at 08:00:27:7b:b0:d7, length 28

A switch will not allow an ARP reply with a broadcast MAC address. So if you DIDN'T receive an answer, you DO have a switch on your way.