Identify the device if it is hub, switch, router or gateway

networking router gateway hub

If you are given two hosts which are connected via a blackbox which you dont know. How can you recognize that blackbox as hub, switch, router or gateway without using any additional device or host?

One more thing: You can not perform any operation on the blackbox. You can't do anything with blackbox. You have access to two hosts only.


Solution 1:

In the case that both hosts that have mutual connectivity...

The blackbox must be a router if any of the following are true:

  • The two hosts have IP addresses in different IP networks.
  • A broadcast ping (ie: 255.255.255.255) from one host does not increment traffic counters on the other host.
  • Either hosts' ARP table does not have an entry for the other host.

Else, the blackbox is functioning as a switch or a hub.

The blackbox must be a switch if any of the following are true:

  • The NICs of both hosts are configured Full Duplex and their interface counters are not showing collisions or other errors.
  • A tcpdump or other traffic monitoring application running on either host shows no more than one unicast ethernet frame, if any, with the destination MAC address of the other host.
  • A traffic monitoring program never detects a two-way unicast exchange between two other hosts that itself is not participating.
  • A flood ping from one host to the other does not completely cripple connectivity.

The blackbox must then be a hub if:

  • A traffic monitoring program can detect a two-way unicast exchange between two other hosts.

Solution 2:

Given only two hosts:

  1. A hub or unmanaged switch will be mostly invisible.
  2. A managed switch and a router will have a MAC address on the interface. If it is an IP network, these devices will appear as a "hop" in a Traceroute. From the MAC, you can get some information about the manufacturer

I'm not sure what you mean by "gateway." My understanding is that a gateway is just a role for a router to play. In this case, a router is detected like above.

If your managed switches and routers have SNMP available, you can query these devices to find out a plethora of data about the make/model/type of device.

I said "mostly" invisible above because, theoretically, there is a minuscule latency added to the packet traversal. However, given only two hosts, this latency would be next to impossible to detect.

Solution 3:

I'm assuming that

  • "router or gateway" is a single term. They really mean the same thing.
  • you can look at the blackbox and unplug wires from it

Hubs will:

  • Have multiple ports
  • Have a collision LED
  • Not be gigabit (there aren't any such thing as gigabit hubs)
  • Replicate traffic that comes in on one port to all other ports, on a Layer 2 basis.

Switches will:

  • Have multiple ports
  • Not have a collision LED
  • Replicate traffic that comes in on one port to all other ports, on a Layer 2 basis, IF it hasn't seen that destination MAC address before.
  • Replicate traffic that comes in on one port to a specific other port, on a Layer 2 basis, IF it knows which port the destination MAC address lives at.

Routers will:

  • Usually have two interfaces. Routers that have multiple LAN ports are really a built-in switch plus router combination.
  • Forward traffic on a Layer 3 basis between two separate networks connected to each interface. Since it's Layer 3, each interface needs an IP + subnet mask.
  • Typically not forward broadcast traffic.

So really just by looking at the devices you can generally tell what it is.

If the black box is entirely unknown, and you cannot plug/unplug wires from it, the following can be inferred if systems are already up and running on it.

  • If you have two hosts and a black box, and both hosts are on the same subnet and are talking, the device is a switch or hub. If both hosts are on different subnets, it's a router.
  • If it's a switch or hub and you are working at gigabit speeds, it's a switch.
  • To find out if it's a switch or hub, you will need to
    • put the NIC of both host A and B into promiscuous mode.
    • have A send traffic to B normally, this will cause any switch to learn the MAC address.
    • have A send traffic directed to a MAC address that is not B's mac. There are various tools and ways to do this. If you see traffic on B afterwards, you are on a hub, if not, you are on a switch.

Related

Configure FirewallD to allow bridged virtual machine network access
cd command not working. Cant change directory in windows 10 [duplicate]
What is the equivalent of Bash's cat -n in PowerShell?
In a .bat file, how can I test available disk space?
How can I disable software update notifications in kde/plasma
wildcard character `* ` can't match some string?
How do I backup & archive files automatically in Windows? [closed]
What does the mortar and pestle Safari address bar icon indicate
Accidentally changed an IPv4 setting on Synology NAS Cannot access it anymore
How can I remote desktop from Windows XP into Windows Vista?
How to join files on the command line without creating temp files?
Preventing Opera from switching over to new tab