LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 08-10-2017, 03:56 PM   #1
dpc2008
LQ Newbie
 
Registered: May 2016
Posts: 4

Rep: Reputation: Disabled
Techniques for finding rogue switches without cool hardware/software?


So... sometimes I have to check out our switch topology. We have many sites and sometimes our docs aren't up to date or someone overwrote my updates and 8 months later I'm looking at them and I know there's other switches. What I need to know is what ports are they on. We don't always have the luxury of stacked switches and we don't configure a LACP group for everything. Sometimes we just run one cable to a new switch. Plus, there may be rogure switches out there.

We have an Avaya network and all I can figure to do is run show mac-address-table and look for ports that have a ton of addresses on them. There has to be a better way. Show lldp neighbors doesn't work b/c we have nortel phones that all are little 2 port switches (one port for the PC, the other connects up to the other switches and tags phone traffic).

Is there a better way to do this? It's easy, for instance, to miss a rogue switch that has a PC and a printer on it.
 
Old 08-10-2017, 04:26 PM   #2
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,591
Blog Entries: 15

Rep: Reputation: Disabled
There may be other methods, but the first one that springs to mind is masscan
So fast!
"Scan the whole internet in 3 minutes"

Here's a working config
Code:
### 2017-06-21
### targets
range = 200.139.112.0/20
rate =  100000.00
output-format = list
output-status = all
output-filename = static.gvt.net.br.xml
ports = 20-25,80,443,U:53,445,631,3306,3389,49152-49155,10000,10051,10050
noshow = closed

### adapter
adapter-ip = 0.0.0.0
adapter-mac = 00:00:00:00:00:00
router-mac = 00:00:00:00:00:00
sudo masscan -c /etc/masscan/gvt.net.br -oL static.gvt.net.br-$(date +"%F")-scan.xml
### other
exclude-file = /etc/masscan/excludes.txt
NOTE: This file should exist, so
Code:
touch /path/to/excludes.txt
It can be empty.
and the c-line I use to run it.
Code:
sudo masscan -c /path/to/config
with these results:
Code:
Starting masscan 1.0.4 (http://bit.ly/14GZzcT) at 2017-08-10 20:22:58 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 4096 hosts [19 ports/host]
cat the static.gvt.net.br.xml file shows:
Code:
#masscan
open tcp 80 200.139.125.5 1502396578
open tcp 443 200.139.127.10 1502396579
open tcp 80 200.139.114.238 1502396579
open tcp 443 200.139.127.82 1502396579
open tcp 80 200.139.127.90 1502396579
open tcp 3389 200.139.114.202 1502396579
open tcp 80 200.139.127.85 1502396580
open tcp 49152 200.139.120.146 1502396580
# end
Should be rather enlightening, I'd think.

Last edited by Habitual; 08-10-2017 at 06:25 PM. Reason: added port 631
 
Old 08-10-2017, 05:35 PM   #3
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Nowhere near you, thank God.
Distribution: OSX Sierra
Posts: 8,591
Blog Entries: 15

Rep: Reputation: Disabled
Only "range" needs to be edited.

Last edited by Habitual; 08-19-2017 at 01:27 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: The best tools and techniques for finding data on Unix systems LXer Syndicated Linux News 0 07-09-2015 12:15 AM
[SOLVED] Snmpget not finding the OIDs on ProCurve switches jbruyet Linux - Software 6 09-11-2012 05:44 PM
LXer: 7 basic software marketing techniques LXer Syndicated Linux News 0 09-20-2006 09:03 PM
Finding rogue access points in the office paulsh2k4 Linux - Security 1 10-15-2004 07:42 PM
Finding rogue access points in the office paulsh2k4 Linux - Software 1 10-15-2004 04:05 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 05:55 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration