Can you find the switch IP address

checking an ARP table would mean there was a router on the network. and to use tracert, you would actually need the IP address of the device, which is what we're looking for in the first place.

Thanks for that Tiamat, what I do mean is to use tracert to another computer connected on the switch. In this it will present all the nodes it goes into.

If you are doing a trace route to another computer connected to the same switch the next hop is the destination computer's IP address. I.E. you won't see the switch's IP as a hop because tracert uses ICMP, which is a layer 3 protocol.

you can d/l an eval copy of SolarWinds, use the cisco tools to try to discover the configuration based on the community string if there is one set. Also if you can console into the switch you may be able to gleen the necessary info.

A little jugglery with ARP can do this for you...

ARP all IP's in the subnet, look at the first 3 bytes of the MAC replies.. if you see any of these

www.coffer.com/mac_find/?string=cisco

Then you should have found your switch (or router / PIX )
The idea is to look at the Vendor part of the MAC address.

You could do this with nmap 3.75
Off the top of my head.....

nmap -sP 192.168.1.0/24 | grep -v 'cisco'

You get the idea.


Now you've got me thinking outta the box.. another interesting way (check whether this works) is to send ICMP timestamp / address mask / information request messages...

Usually only network devices will reply to these ICMP queries..

If someone bothers checking this out, drop the results here, I'm interested.


Cheers,

sahirh,

Yes, while you can check the mac address and cross reference the vendor, imagine trying this on something like a /20 network with hundreds of switches (although I can't imagine a network that large that wouldn't be documented at all). Your solution would work on a smaller network with only 1 or 2 other switches though.