Network testing tools

[xchangx]

I'm looking for a testing tool (a physicial device) that identifies either the switch ip it's connected to or what port # on the switch it's connected to.

Fluke has one that costs $3000 and my administration will not approve that.

Any others?

The switches are Cisco switches and I know the fluke models will identify which port # it's plugged into.

Thanks!

 

[spidey07]

Telnet to switch, "show mac-address-table address xxxx.yyyy.xxxx"

 

[cmetz]

xchangx, although CDP is evil, it does exactly what you're looking for - spams the port to tell it what switch and what port on the switch you're connected to.

I think the same thing can be gotten from spanning-tree BPDUs, you can get the MAC address of the switch and the port ID that can be translated back to a human-useful port number.

In both cases, if you run Wireshark on a PC, you should be able to see those packets being broadcasted. Decode them (Wireshark does the hard work for you) and you'll have your switch and port number.

 

[m1ldslide1]

Originally posted by: spidey07
Telnet to switch, "show mac-address-table address xxxx.yyyy.xxxx"

Telnet?!? Them's fightin' words! transport input ssh FTW!

The fluke is listening to CDP packets and telling you the information contained therein. You could easily get the same information sniffing with wireshark, assuming that CDP is enabled on the access ports. At my organization CDP is expressly disabled on all access ports precisely for this reason.

Generally you shouldn't have to be guessing which switch a given port is connected to - if you don't know that already then it sounds like you're either due for A) some auditing or B) some redesign. Or maybe option C which is that you don't actually have a networking job and are looking to wreak some havoc...

 

[spidey07]

I know CDP is the devil, I still like it.

Telnet? If you have somebody that can read your clear text passwords then you have other problems that should be addressed. I love knocking around "security" people.

It's really fun to screw with what they read in a book and asking them to explain why that is a problem.

"erm, err, uhh, but it's bad!"

 

[xchangx]

This is mainly for auditing, we've got a lot of unlabeled jacks here and I need something to tone it out and tell me what port it's on and what switch.

 

[ScottMac]

We just dropped ~$43K for a Fluke OptiView ... so expensive because it does Copper(gig), Fiber(gig) and Wireless(b,g,a,n), plus we added a couple extra software suites to it. It is a mighty sweet lil' box though, we might need another one, maybe two.

The first thing it'll do (if you want it to) after it gets its address is a MIB crawl on everything it can find and ID in the specified diameter.

I recommend it.

 

[m1ldslide1]

Originally posted by: ScottMac
We just dropped ~$43K for a Fluke OptiView ... so expensive because it does Copper(gig), Fiber(gig) and Wireless(b,g,a,n), plus we added a couple extra software suites to it. It is a mighty sweet lil' box though, we might need another one, maybe two.

The first thing it'll do (if you want it to) after it gets its address is a MIB crawl on everything it can find and ID in the specified diameter.

I recommend it.

My former employer purchased one of those while I was there as well, and also an Etherscope to go with it. Having the pair allows for some nice end-to-end benchmarking capabilities, which was useful when working on qualifying new circuits and wireless point-to-point stuff, and generating traffic for QoS testing in the lab. It's a lot of money to invest in a couple of pieces of equipment, especially when there are open-source tools that accomplish lots of the same things, but it is convenient having it all in a compact (and durable) package.

 

[m1ldslide1]

Originally posted by: spidey07
I know CDP is the devil, I still like it.

Telnet? If you have somebody that can read your clear text passwords then you have other problems that should be addressed. I love knocking around "security" people.

It's really fun to screw with what they read in a book and asking them to explain why that is a problem.

"erm, err, uhh, but it's bad!"

Do you feel this way about all best practices? That if a weakness is unlikely to be exploited, that you don't bother configuring the workaround?

 

[cpals]

Originally posted by: ScottMac
We just dropped ~$43K for a Fluke OptiView ... so expensive because it does Copper(gig), Fiber(gig) and Wireless(b,g,a,n), plus we added a couple extra software suites to it. It is a mighty sweet lil' box though, we might need another one, maybe two.

The first thing it'll do (if you want it to) after it gets its address is a MIB crawl on everything it can find and ID in the specified diameter.

I recommend it.

We have an old fluke I use occasionally... runs Windows 95 I thihnk.

 

[cmetz]

spidey07, I agree with your disdain for checklist security. As you're well aware, MOST security companies are snake-oil salesmen, and can't produce someone who actually understands.

However, it is 2009. You should be encrypting and authenticating everything that can sanely be. The days of the wide-open cleartext network are behind us. Maybe using SSH doesn't solve an actual problem in your particular environment, but training everyone to use SSH and not to use telnet helps keep the IT & NOC monkeys from doing something stupid in environments where it would matter. That is to say, it's a best practice, and you need to beat, er, train best practices into people top to bottom, because sometimes it really does matter.

 

[stlcardinals]

Here's my cheap way of identifying ports, Granted I only have about 7 switches I manage. I fire up Cisco Network Assistant, connect to my community, and show the front panel view for the switch i'm working with. I use the snipping tool on Vista to take a snip of the front panel. I then unplug or plug into the wall jack, refresh the Network Assistant view, and then compare the snip to the current view to see which light came on/off.