Network Layer 2 Trace

December 4, 2005

Hello,
I would like to know if it is possible to do like a traceroute
but on layer 2.
I need to see the equipment that is between source and target
machines.

Thanks in advance;

PS: Sorry my English, this is my first post … be kind

- Layer two only provides connectivity to machines attached to the same
segment. In the case of ethernet, this means the local network segment,
such as a 192.168.0.1/24 class C subnet of 255 hosts – in order to
communicate with hosts on a wide area/extended/inter network (ie. across
more than one local network), traffic needs to be routed (which occurs
at layer three).

You can view the ethernet (MAC) addresses of other machines in the same
layer two ethernet segment as you, but traffic for these hosts is
broadcast to the local network, and as such I don’t think there would be
any practical way to ascertain what layer two equipment was in between a
pair of hosts other than by physically looking at it, or
manually/automatically logging into equipment (say, via SNMP) in order
to view MAC/CAM tables and port assignments.

Hope this helps!

James.

- An L3 traceroute gives you a very good idea of which L2 devices are in
the path between source and destination – if it does L3, has to do L2
(and L1 )

The question is: what are you trying to achieve? What additional
information would you get from a L2 traceroute that you cannot obtain
from an L3 traceroute + additional tools to identify the specific L3
device?

Agreed: your packet *might be* traversing one or more
switches/bridges/translational bridges which would be transparent to
your L3 traceroute.

Cisco does implement an L2 traceroute feature – but many preconditions
have to be met. Check:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/122sx/swcg/l

2trace.htm

A generic L2 traceroute looks to me like a difficult thing to do.

Dario

- Layer2 on Ethernet doesn’t have any hop counter such as TTL on IPv4
header, that’s why Spanning-Tree-Protocol is needed to avoid loops on
network topology.

In order to know a layer 2 path, that feature that has to be provided by
the vendor on the switching devices in the path. Cisco calls it “Layer 2
Traceroute utility” and it mainly relies on the Cisco Discovery Protocol
(CDP) feature.

“traceroute mac” or “traceroute mac ip” CLI commands are the answer.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00804357b3.html#wp1122528

- Short answer: No.

Long answer: traceroute uses ICMP ttl-expired messages to work – which has
no equivalent in the various layer two protocols.
The only thing similar that is possible, is with source-route-bridging on
token ring, and you will only find out which ring numbers and bridge
numbers you go through to reach your destination, not the name, mac
address or other layer three addresses of the devices in between, so if
you have access to network topology diagrams, you can figure out where
your traffic goes, but it is of little use for network topology discovery.
Besides, even in a token-ring SNA environment nowadays, everyone uses
DLSw, which masks the real path that datagrams take.

Posted in Q & A