Determine the device is a router or switch given the Device IP

Discussion in 'Cisco' started by kiranreddyd@gmail.com, Dec 22, 2004.

  1. Guest

    Hello,

    Device IP is given. My task is to determine whether the device IP
    is that of router or switch or some other device. How can I do that?

    Basically I need to know the type of the device from the IP
    through some means like snmp, telnet etc....
    Any help?

    Thanks in Advance

    Regards
    Kiran
    , Dec 22, 2004
    #1
    1. Advertising

  2. wrote:
    > Hello,
    >
    > Device IP is given. My task is to determine whether the device IP
    > is that of router or switch or some other device. How can I do that?
    >
    > Basically I need to know the type of the device from the IP
    > through some means like snmp, telnet etc....
    > Any help?
    >
    > Thanks in Advance
    >
    > Regards
    > Kiran
    >



    If you have a unix box (and root privileges) try 'nmap'

    [root@lithium root]# nmap -O 192.168.0.2

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on (192.168.0.2):
    (The 1599 ports scanned but not shown below are in state: closed)
    Port State Service
    23/tcp open telnet
    79/tcp open finger
    Remote operating system guess: Cisco IOS 11.3 - 12.0(11)

    Nmap run completed -- 1 IP address (1 host up) scanned in 17 seconds



    [root@lithium root]# nmap -O a.b.c.d

    Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
    Interesting ports on (a.b.c.d):
    (The 1600 ports scanned but not shown below are in state: closed)
    Port State Service
    1720/tcp open H.323/Q.931
    Remote operating system guess: Cisco 801/1720 running 12.2.8

    Nmap run completed -- 1 IP address (1 host up) scanned in 8 seconds


    Brendon
    ++++
    Brendon Caligari, Dec 22, 2004
    #2
    1. Advertising

  3. Guest

    Hi,
    Thanks for ur quick response.

    But device containing Cisco IOS can also be switch...that is my actual
    problem....I have an IP address and OS running on it but I dont know
    which is Router or switch...I need to the know which IPs r routers.
    Regards
    Kiran
    , Dec 22, 2004
    #3
  4. Steve Guest

    On 22 Dec 2004 03:00:27 -0800, wrote:

    >Hi,
    >Thanks for ur quick response.
    >
    >But device containing Cisco IOS can also be switch...that is my actual
    >problem....I have an IP address and OS running on it but I dont know
    >which is Router or switch...I need to the know which IPs r routers.
    >Regards
    >Kiran


    Hi Kiran,

    If SNMP is permissible, just snmpget system.sysDescr.0 eg:

    bash:/usr/home/bob$snmpget -v 1 switchname public system.sysDescr.0
    system.sysDescr.0 = Cisco Internetwork Operating System Software
    IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version
    12.1(23)E, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2004 by cisco Systems, Inc.

    Above was for a 4507R

    bash:/usr/home/bob$snmpget -v 1 routername public system.sysDescr.0
    system.sysDescr.0 = Cisco Internetwork Operating System Software
    IOS (tm) 3700 Software (C3725-IS-M), Version 12.2(15)T2, RELEASE
    SOFTWARE (fc2)
    TAC Support: http://www.cisco.com/tac
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Wed 30-Apr-03 23:52 by nmasa

    Above for a 3725

    HTH
    Steve
    Steve, Dec 22, 2004
    #4
  5. Guest

    Hi Steve,

    Thanks for the reply.

    The actual problem is I need to get a list of all routers in our
    network...using nmap I can get all device IPs and OS running on
    it...with that information how do I know which IP is a router and which
    one switch.

    Is there any other way to get all the routers in the network?
    Thanks in Advance

    Regards
    Kiran
    , Dec 22, 2004
    #5
  6. Steve Guest

    On 22 Dec 2004 03:58:12 -0800, wrote:

    >Hi Steve,
    >
    >Thanks for the reply.
    >
    >The actual problem is I need to get a list of all routers in our
    >network...using nmap I can get all device IPs and OS running on
    >it...with that information how do I know which IP is a router and which
    >one switch.
    >
    >Is there any other way to get all the routers in the network?
    >Thanks in Advance
    >
    >Regards
    >Kiran


    Sorry if I'm missing something here, but if you've got a list of IPs
    to feed to nmap, why not just feed them to snmpget instead?

    Steve
    Steve, Dec 22, 2004
    #6
  7. wrote:
    > Hi,
    > Thanks for ur quick response.
    >
    > But device containing Cisco IOS can also be switch...that is my actual
    > problem....I have an IP address and OS running on it but I dont know
    > which is Router or switch...I need to the know which IPs r routers.
    > Regards
    > Kiran
    >


    I haven't used any myself (maybe it's about time i should) but you may
    try to find some "NETWORK DISCOVERY" tool (or if you don't find anything
    suitable write one and open source it :)

    It's got to be a mixture of techniques to determine what is what on a
    network. Ping, traces, OS fingerprinting, port scanning.......

    Operating systems like Linux and even less capable platforms like Win2k
    can do routing between interfaces. An unmanaged switch may not even
    have an IP, and a layer 3 switch may be doing routing.


    Brendon
    Brendon Caligari, Dec 22, 2004
    #7
  8. wrote:
    > Hello,
    >
    > Device IP is given. My task is to determine whether the device IP
    > is that of router or switch or some other device. How can I do that?
    >
    > Basically I need to know the type of the device from the IP
    > through some means like snmp, telnet etc....
    > Any help?
    >
    > Thanks in Advance
    >
    > Regards
    > Kiran
    >

    Hi Kiran,

    Give look@lan a try. It's free and you can download it here:

    http://www.lookatlan.com/

    It will also do the snmp reads for you.

    Lex.
    lex van der lugt, Dec 22, 2004
    #8
  9. In article <41cc66a6.9502614@10.185.234.23>,
    Steve <> wrote:
    :Sorry if I'm missing something here, but if you've got a list of IPs
    :to feed to nmap, why not just feed them to snmpget instead?

    Suppose you don't know the SNMP community?
    --
    "Mathematics? I speak it like a native." -- Spike Milligan
    Walter Roberson, Dec 22, 2004
    #9
  10. In article <>,
    <> wrote:
    :But device containing Cisco IOS can also be switch...that is my actual
    :problem....I have an IP address and OS running on it but I dont know
    :which is Router or switch...I need to the know which IPs r routers.

    *If* you know the SNMP community then example the sysServices
    OID, .1.3.6.1.2.1.1.7.0 . You will find a description of that in
    the RFC1213 MIB.

    Cat3750 (multilayer switch, aka limited router): 6 (Layer 3 + Layer 2)
    720xVXR (router): 6 (Layer 3 + Layer 2)
    PIX525 (firewall): 4 (Layer 3)
    Nortel 450 switch: 3 (Layer 1 + Layer 2)
    Nortel Accelar 1150 (L3 switch): 6 (Layer 3 + Layer 2)
    Novell 5.1 (server): 12 (layer 3 + Layer 4)
    HP LJ2100 (printer): 64 (layer 7)
    --
    Rump-Titty-Titty-Tum-TAH-Tee -- Fritz Lieber
    Walter Roberson, Dec 22, 2004
    #10
  11. In article <>,
    <> wrote:
    :Device IP is given. My task is to determine whether the device IP
    :is that of router or switch or some other device. How can I do that?

    Are you sure you aren't Pankaj ? If you aren't, then you and
    he should get together, since he's doing the same thing except
    asking the same questions about 1/2 a day earlier. Pankaj is, though,
    known for asking the same question 4 times in a row, apparently
    hoping that the answer will change.

    :Basically I need to know the type of the device from the IP
    :through some means like snmp, telnet etc....
    :Any help?

    Well, you could try the techniques I wrote up in this newsgroup
    about 13 hours ago,

    http://groups.google.ca/groups?selm=cqb5v7$2g6$
    --
    Is "meme" descriptive or perscriptive? Does the knowledge that
    memes exist not subtly encourage the creation of more memes?
    -- A Child's Garden Of Memes
    Walter Roberson, Dec 22, 2004
    #11
  12. Eric Guest

    If he doesn't have the snmp read community he probably shouldn't be
    scanning them with any of the above mentioned tools. If he has a valid
    need for this the network admin should provide him the read community
    and then you can use a combination of nmap and snmpget but without
    telnet access you are not going to truly know if certain switches have
    layer 3 turned on or not.
    Eric, Dec 23, 2004
    #12
  13. In article <>,
    Eric <> wrote:
    :If he doesn't have the snmp read community he probably shouldn't be
    :scanning them with any of the above mentioned tools. If he has a valid
    :need for this the network admin should provide him the read community

    - Network admins are human and lose track of devices
    - Network admins get fired or quit before having thoroughly documented
    the network
    - Network admins can be too overloaded to properly document the network
    - Network admins can be too inexperienced to document everything
    - Network admins sometimes don't get hired at all, and the person
    who has to figure out what's happening is whoever arrived latest for the
    meeting
    - Network admins are sometimes told very firmly that they are not to
    interfere with people doing work, and are instead only to "coordinate"
    efforts, or are only to step in when a disaster has already occured.
    Thus, network admins don't always have control over what routers go on
    their networks, and don't always get told
    - People sneak devices onto the network without telling network admins.
    These devices are not always detectable until they happen to talk to
    a segment where the network admin has an active probe


    :and then you can use a combination of nmap and snmpget but without
    :telnet access you are not going to truly know if certain switches have
    :layer 3 turned on or not.

    If it has the routing table OIDs populated, then it has layer 3
    turned on. That doesn't mean that all combinations of routes are
    possible on the device -- there could be conditional routings or
    access controls.

    Also, the existance of the routing table OIDs does not necessarily
    mean that the device is one you would think of as being a router.
    For example, I last night I noticed that one of the printers in the
    building has been implimented not with a plain gateway IP, but
    rather with a default route (0.0.0.0 mask 0.0.0.0) to the gateway.
    If I recall correctly, that particular model of printer can in theory
    have multiple interface types simultaneously... but I wouldn't
    expect it to forward information between interfaces!


    One issue with looking at the routing table OIDs is that they could
    be part of VRFs (Virtual Router Facility), and so a routing table
    might only apply to part of the device, or might apply only to
    a particular VLAN. Sometimes devices (Cisco devices in particular)
    need special formats in order to SNMP out information related
    to particular VLANs. Cisco used to use "community string
    indexing", using a special format of the usual community string
    to indicate which VLAN was being referred to. They changed the
    formats, but last time [some months ago] that someone asked about
    the new format, I was not able to find the new mechanism documented.
    --
    The image data is transmitted back to Earth at the speed of light
    and usually at 12 bits per pixel.
    Walter Roberson, Dec 23, 2004
    #13
  14. Erik Freitag Guest

    On Wed, 22 Dec 2004 03:00:27 -0800, kiranreddyd wrote:

    > Hi,
    > Thanks for ur quick response.
    >
    > But device containing Cisco IOS can also be switch...that is my actual
    > problem....I have an IP address and OS running on it but I dont know
    > which is Router or switch...I need to the know which IPs r routers.


    A router running IOS might not actually be routing - could just be
    bridging. Would that count as a router for your purposes? If so, you might
    be better off tracing cable.

    The question of what is actually a router can get a little complicated, as
    Walter's example of a printer that might forward packets shows.

    Can you tell us more about why you want to know if a given IP is a router?
    it might help us to answer the question more helpfully.
    Erik Freitag, Dec 26, 2004
    #14
  15. Erik Freitag Guest

    On Wed, 22 Dec 2004 00:27:43 -0800, kiranreddyd wrote:

    > Hello,
    >
    > Device IP is given. My task is to determine whether the device IP
    > is that of router or switch or some other device. How can I do that?


    I think all of the methods suggested here and in 's
    identical thread assume that the network is properly configured. If that's
    a valid assumption, you could try making the IP the default gateway for
    your client and issuing a traceroute to an IP not on your subnet. If you
    get a TTL expired back, you're probably looking at a router.
    Erik Freitag, Dec 26, 2004
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris
    Replies:
    2
    Views:
    466
  2. Replies:
    2
    Views:
    2,265
  3. Jack B. Pollack

    How to determine if controller & device are USB2

    Jack B. Pollack, Oct 28, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    603
    Jack B. Pollack
    Oct 28, 2006
  4. Replies:
    0
    Views:
    2,829
  5. Replies:
    0
    Views:
    934
Loading...

Share This Page