This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Niall_Lynch
Explorer
‎2022-01-24 10:41 AM

Determine the IP address of a connected switch

Hello,

I am hoping someone may be able to help me out here. Thanks in advance.

I have a cluster of 6200 devices. I have a netgear switch which is connected to one of the interfaces but I do not know the IP address of the switch. Is it possible to determine the IP Address of the switch if I have the MAC address of the switch please? I have performed an arp -a but I could not see the MAC address of the device.

Many thanks.

0 Kudos
9 Replies
_Val_
Admin
Admin
‎2022-01-24 11:51 PM

Are you sure that Switch even have an IP? It might be that it does not. Why not to look on the switch itself?

0 Kudos
Niall_Lynch
Explorer
‎2022-01-25 01:22 AM
In response to _Val_

Thanks Val, I tried the default IP address of the switch with no luck. 

0 Kudos
_Val_
Admin
Admin
‎2022-01-25 01:55 AM
In response to Niall_Lynch

Connect console, look locally on the switch. It may not have ANY IP address to begin with. 

0 Kudos
Guy_Grundman
Employee
Employee
‎2022-01-25 12:21 AM

if you are referring to the switch management IP, running lldpneighbors in expert mode might help.

0 Kudos
Niall_Lynch
Explorer
‎2022-01-25 01:26 AM
In response to Guy_Grundman

Thanks Guy, I tried lldpneighbors but it did not work. I got lldpneighbors couldn't connect to the OpenLDP transport socket. Is lldpd running? 

My cluster is running on R80.40

0 Kudos
Guy_Grundman
Employee
Employee
‎2022-01-25 04:06 AM
In response to Niall_Lynch

Unfortunately LLDP is support from R81.

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2022-01-25 05:17 AM

Do you see different results if you ping the broadcast address of the subnet first?

CCSM R77/R80/ELITE
0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
‎2022-01-25 05:18 AM

This is not something I tried myself, but what about using tcpdump to see if you can capture lldp packets on the wire?

This certainly looks promising - https://medium.com/@getGroovy/lldp-packet-sniffing-38f999e733fa

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2022-01-25 06:09 AM

There will be two ways to determine the management IP address of the switch: active and passive.  Passive depends on the switch emanating some identifying information such as CDP or LLDP.  My Max Power 2020 book covered how to capture CDP and/or LLDP traffic if it is there; the techniques are listed below.  The switch should always emanate BPDUs for Spanning Tree purposes and you will be able to see these frames in a capture, but they do not contain Layer 3 information such as an IP address to my knowledge.  Ensure that any capture you run is allowed to execute for at least 60 seconds.

As far as active techniques, as Chris said you can try pinging the network broadcast address like this: ping -b 192.168.1.255; then check your ARP cache with arp -an to see if the switch IP has showed up.  You can also try ping -b -I (interfacename) 255.255.255.255.  But some devices won't answer a broadcast ping for whatever reason, so you could run something like this then check the ARP cache afterward:

#!/bin/sh

CNTR=1

while [ $CNTR -lt 254 ]
do
ping 192.168.1.$CNTR -c 1 -t 1 -n
CNTR=$(( $CNTR + 1 ))
done

 

discovery1.pngdiscovery2.pngdiscovery3.png

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events