Network Security Pen-Test

Re: Layer 2 Trace

Subject: Re: Layer 2 Trace
Date: Fri, 02 Dec 2005 16:39:23 +0100
Layer 2 on Ethernet doesn't have any hop counter such as the TTL in the IPv4
header; that's why Spanning Tree Protocol is needed to avoid loops in the
network topology.

In order to know a layer 2 path, that feature has to be provided by
the vendor on the switching devices in the path. Cisco calls it "Layer 2
Traceroute utility" and it mainly relies on the Cisco Discovery Protocol
(CDP) feature.

"traceroute mac" or "traceroute mac ip" CLI commands are the answer. :)
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00804357b3.html#wp1122528

You can enter the traceroute mac or the traceroute mac ip
privileged EXEC command on a switch that is not in the Layer 2
path from the source device to the destination device. All devices
in the path must be reachable from this switch.

The traceroute mac command output shows the Layer 2 path only when
the specified source and destination MAC addresses belong to the
same VLAN. If you specify source and destination MAC addresses
that belong to different VLANs, the Layer 2 path is not identified
and an error message appears.

The Layer 2 traceroute utility identifies the Layer 2 path
that a packet takes from a source device to a destination
device. Layer 2 traceroute supports only unicast source
and destination MAC addresses. The utility determines the
path by using the MAC address tables of the switches in the
path. When the Layer 2 traceroute utility detects a device in
the path that does not support Layer 2 traceroute, it continues
to send Layer 2 trace queries and allows them to time out.

Regards,

riftman wrote:
Hello,
      I would like to know if it is possible to do like a traceroute
but on layer 2.
      I need to see the equipment that is between source and target
machines.

      Thanks in advance;

PS: Sorry my English, this is my first post ... be kind

---------------------------------------------------------------------
Carlos Fragoso Mariscal - Network & Security Engineer/Incident Handler
Anella Cientifica RREN Incident Response Team (ERIAC) AS13041 CFM1-RIPE
Communications and Operations Dept.-Supercomputing Center of Catalonia
  CCNA    CCNP*    GSEC    GCFW    GCIH    GREM    GHTQ    SSP-MPA
cfragoso@cesca.es phone:+34932056464 fax:+34932056979 inocdba:13041*CFM
 pgp:0x0E4EDE07   335C CB9F 84E8 85E9 A62B  EF3A 102F 01FF 0E4E DE07
---------------------------------------------------------------------
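
The path lookup the quoted Cisco text describes (following the destination MAC through each switch's MAC address table, refusing cross-VLAN pairs, and stopping at a device that does not answer) can be modelled as below. This is an added example, not part of the original post and not Cisco's implementation; the topology, MAC addresses, ports, the `l2trace` flag and the "timeout" marker are constructed assumptions.

```python
# Simplified model of MAC-table-based Layer 2 path tracing.
# All switch names, MACs, VLANs and ports are constructed sample data.

class L2TraceError(Exception):
    """Raised when the Layer 2 path cannot be identified."""

HOST_A, HOST_B, HOST_C = "0000.aaaa.0001", "0000.bbbb.0002", "0000.cccc.0003"

# Per switch: MAC address table {mac: (vlan, port)}, CDP neighbors {port: switch},
# and whether the device answers Layer 2 trace queries (assumed flag).
SWITCHES = {
    "sw1": {"mac": {HOST_A: (10, "Fa0/1"), HOST_B: (10, "Gi0/1"), HOST_C: (20, "Gi0/1")},
            "cdp": {"Gi0/1": "sw2"}, "l2trace": True},
    "sw2": {"mac": {HOST_A: (10, "Gi0/1"), HOST_B: (10, "Gi0/2"), HOST_C: (20, "Gi0/2")},
            "cdp": {"Gi0/1": "sw1", "Gi0/2": "sw3"}, "l2trace": True},
    "sw3": {"mac": {HOST_A: (10, "Gi0/1"), HOST_B: (10, "Fa0/5"), HOST_C: (20, "Fa0/6")},
            "cdp": {"Gi0/1": "sw2"}, "l2trace": True},
}

def find_edge(switches, mac):
    """Return (switch, vlan) where mac is learned on a port with no CDP neighbor."""
    for name, sw in switches.items():
        entry = sw["mac"].get(mac)
        if entry and entry[1] not in sw["cdp"]:
            return name, entry[0]
    raise L2TraceError(f"{mac} not learned on any access port")

def l2_trace(switches, src_mac, dst_mac):
    """Walk from the source's edge switch toward dst_mac; return [(switch, egress)]."""
    current, vlan = find_edge(switches, src_mac)
    hops, seen = [], set()
    while current not in seen:
        seen.add(current)
        sw = switches[current]
        if not sw["l2trace"]:
            hops.append((current, "timeout"))  # model: query unanswered, trace stops
            return hops
        entry = sw["mac"].get(dst_mac)
        if entry is None:
            raise L2TraceError(f"{dst_mac} not in MAC table of {current}")
        if entry[0] != vlan:
            raise L2TraceError("source and destination MACs are in different VLANs")
        hops.append((current, entry[1]))
        nxt = sw["cdp"].get(entry[1])
        if nxt is None:  # no CDP neighbor on egress port: destination attached here
            return hops
        current = nxt
    raise L2TraceError(f"MAC tables loop back to {current}")
```
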
