we have ethernet network with many segments, something like campus, quite a lot of cascading switches, most of them unmanageable. sometimes, we have guests who come with their notebuk and attaches to the lan. their ip address is all i may notice, but is har to detect where is it located, which part of campus

is there some tool to trace on which switch is the computer with particular ip address attached? something like "tracert" command does, telling me over which routers is the computer connecte. but, in my case, i will like to trace not layer-3, but layer-2 info, i mean to check switches [supposing each port on each switch has its own layer-2 address, is it correct?]


Not with unmanaged switches.

With managed switches you would examine the forwarding tables on the switches looking to see out which port traffic for that laptops MAC address goes. Any MAC address on a switch isn't really interesting in this exercise.

The other option is to start wandering around with a packet sniffer, connecting it inline on ports here and there looking for traffic to/from the MAC address in question.

This is probably as much a question for comp.dcom.lans.ethernet as anything else, so I've set followups to that group.

rick jones

Rick Jones

Not really difficult, either. We've built numerous of those over the years. SNMP and some scripting is all you need, though knowledge of the layout can speed up tracing considerably.

It brings up another question, which should probably go in a more SNMP related newsgroup, but for ethernet devices I might as well ask here initially:

Are there still devices around that support the snmp packet capture mib?

