Penetration Testing mailing list archives

Re: Layer 2 Trace


From: Carles Fragoso i Mariscal <cfragoso () cesca es>
Date: Fri, 02 Dec 2005 16:39:23 +0100

Layer 2 on Ethernet doesn't have any hop counter such as the TTL in the IPv4
header; that's why the Spanning Tree Protocol is needed to avoid loops in the
network topology.

In order to know a layer 2 path, that feature has to be provided by
the vendor on the switching devices in the path. Cisco calls it the "Layer 2
Traceroute utility" and it mainly relies on the Cisco Discovery Protocol
(CDP) feature.

The "traceroute mac" or "traceroute mac ip" CLI commands are the answer. :)
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00804357b3.html#wp1122528

You can enter the traceroute mac or the traceroute mac ip
privileged EXEC command on a switch that is not in the Layer 2
path from the source device to the destination device. All devices
in the path must be reachable from this switch.

The traceroute mac command output shows the Layer 2 path only when
the specified source and destination MAC addresses belong to the
same VLAN. If you specify source and destination MAC addresses
that belong to different VLANs, the Layer 2 path is not identified
and an error message appears.

The Layer 2 traceroute utility identifies the Layer 2 path
that a packet takes from a source device to a destination
device. Layer 2 traceroute supports only unicast source
and destination MAC addresses. The utility determines the
path by using the MAC address tables of the switches in the
path. When the Layer 2 traceroute utility detects a device in
the path that does not support Layer 2 traceroute, it continues
to send Layer 2 trace queries and allows them to time out.

Regards,

riftman wrote:
Hello,
      I would like to know if it is possible to do something like a traceroute
but on layer 2.
      I need to see the equipment that is between source and target
machines.

      Thanks in advance;

PS: Sorry for my English, this is my first post ... be kind

---------------------------------------------------------------------
Carlos Fragoso Mariscal - Network & Security Engineer/Incident Handler
Anella Cientifica RREN Incident Response Team (ERIAC) AS13041 CFM1-RIPE
Communications and Operations Dept.-Supercomputing Center of Catalonia
  CCNA    CCNP*    GSEC    GCFW    GCIH    GREM    GHTQ    SSP-MPA
cfragoso () cesca es phone:+34932056464 fax:+34932056979 inocdba:13041*CFM
 pgp:0x0E4EDE07   335C CB9F 84E8 85E9 A62B  EF3A 102F 01FF 0E4E DE07
---------------------------------------------------------------------
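As an added illustration, not part of the original post or of Cisco's own utility, the Python model below walks constructed switch MAC address tables and CDP adjacency the way the quoted description says the utility does: it first locates the source's edge switch (starting from a switch that need not be on the path), then follows the destination MAC hop by hop, rejects non-unicast or cross-VLAN addresses, and records a timeout when a device does not answer trace queries. All switch names, ports and MAC addresses are made up.

```python
# Toy model of the Layer 2 traceroute walk; every switch, port and MAC
# below is constructed for illustration and describes no real network.
MAX_HOPS = 16

# MAC address table per switch: (vlan, mac) -> port the MAC was learned on
MAC_TABLES = {
    "SW1": {(10, "0000.1111.aaaa"): "Fa0/1", (10, "0000.2222.bbbb"): "Gi0/1"},
    "SW2": {(10, "0000.1111.aaaa"): "Gi0/1", (10, "0000.2222.bbbb"): "Gi0/2"},
    "SW3": {(10, "0000.1111.aaaa"): "Gi0/1", (10, "0000.2222.bbbb"): "Fa0/5"},
    "SW4": {(10, "0000.1111.aaaa"): "Gi0/1", (10, "0000.2222.bbbb"): "Gi0/1",
            (20, "0000.3333.cccc"): "Fa0/2"},
}
# CDP adjacency: (switch, port) -> neighbouring switch on that link
CDP = {("SW1", "Gi0/1"): "SW2", ("SW2", "Gi0/1"): "SW1",
       ("SW2", "Gi0/2"): "SW3", ("SW3", "Gi0/1"): "SW2",
       ("SW4", "Gi0/1"): "SW2", ("SW2", "Gi0/3"): "SW4"}

def is_unicast(mac):
    # The I/G bit is the least significant bit of the first octet.
    return int(mac.replace(".", "")[:2], 16) & 1 == 0

def vlan_of(switch, mac):
    return next((v for (v, m) in MAC_TABLES[switch] if m == mac), None)

def walk(switch, mac, vlan, unsupported=frozenset()):
    """Follow MAC-table lookups for `mac` from `switch` until the edge port."""
    hops = []
    for _ in range(MAX_HOPS):
        if switch in unsupported:        # trace query unanswered: times out
            hops.append((switch, "timeout"))
            return hops
        port = MAC_TABLES[switch].get((vlan, mac))
        if port is None:
            raise LookupError(f"{switch}: no entry for {mac} in VLAN {vlan}")
        hops.append((switch, port))
        nxt = CDP.get((switch, port))
        if nxt is None:                  # no CDP neighbour: host is attached here
            return hops
        switch = nxt
    raise RuntimeError("hop limit reached: possible Layer 2 loop")

def traceroute_mac(start, src_mac, dst_mac, unsupported=frozenset()):
    """Path of (switch, egress port) from the source's switch to the destination's."""
    if not (is_unicast(src_mac) and is_unicast(dst_mac)):
        raise ValueError("only unicast source and destination MACs are supported")
    sv, dv = vlan_of(start, src_mac), vlan_of(start, dst_mac)
    if sv is None or sv != dv:
        raise ValueError("source and destination MACs must be in the same VLAN")
    src_edge = walk(start, src_mac, sv, unsupported)[-1][0]  # locate the source
    return walk(src_edge, dst_mac, sv, unsupported)
```

Calling `traceroute_mac("SW4", "0000.1111.aaaa", "0000.2222.bbbb")` from the off-path switch SW4 returns the path SW1 -> SW2 -> SW3, while passing `unsupported={"SW3"}` ends the trace with a timeout entry at SW3.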
