How to figure out company's network topology?

1

I can figure out:

1. 3 floors(A, B, C), there is a WIFI AP with same APN but different BSSID in each floor.
2. Will get different IP different subnet if I connect to different WIFI AP
3. the router's MAC address remains same.

Other outputs:

Floor A

IP: 10.204.100.12
subnet: 255.255.252.0
router: 10.204.103.254(MAC: for example 11:22:33:44:55:66)

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.204.1.178 (10.204.1.178)  1.575 ms  1.500 ms  1.517 ms
 2  10.204.103.254 (10.204.103.254)  63.216 ms  81.889 ms  9.167 ms

Floor B

IP: 10.204.109.44
subnet: 255.255.252.0
router: 10.204.111.254(same 11:22:33:44:55:66)

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.204.1.178 (10.204.1.178)  1.476 ms  1.510 ms  1.465 ms
 2  10.204.111.254 (10.204.111.254)  23.543 ms 31.441 ms  19.712 ms

Floor C

IP: 10.204.118.132
subnet: 255.255.252.0
router: 10.204.119.254(same 11:22:33:44:55:66)

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.204.1.178 (10.204.1.178)  1.743 ms  1.314 ms  1.688 ms
 2  10.204.119.254 (10.204.119.254)  43.321 ms 71.116 ms  59.281 ms

So I think maybe like this? enter image description here

What I dont understand is

1. why router with same MAC address can have different IP?
2. what is 10.204.1.178? this is in different subnet, why I can access it?
3. where might 10.204.1.178 be?
4. any other strange thing?

Sato

Posted 2015-12-10T04:27:00.640

Reputation: 335

It sounds like the different floors have 3 separate VLANS.

– Burgi – 2015-12-10T08:53:26.563

Yes, this is VLANing. With VLANs one interface can have multiple subinterfaces so 1 max = n IP addresses. Each VLAN has its own IP as a gateway to "pass into" the router. 10.204.1.178 is the next hop, you can access it the same way you can access 8.8.8.8 despite it being outside your subnet. It may be another interface on the same router, or another device within the companys network. Running NMAP against it might hint to what it is. – Linef4ult – 2015-12-11T22:20:56.080

@Linef4ult 10.204.1.178 is a squid server – Sato – 2015-12-14T05:23:19.427

@Sato Ahh that makes sense. – Linef4ult – 2015-12-14T10:22:40.810

@Linef4ult ping 10.204.1.178 always give 1ms, but ping router always give 2ms then 500ms then 2ms then 500ms, its very strange – Sato – 2015-12-15T00:33:50.050

Its probably just rate limiting if there's a clear pattern to it, rejecting regular ICMP as its not important traffic. Assuming you've no packet loss to the WAN its not a problem. – Linef4ult – 2015-12-15T10:54:41.413

We are suffering packet loss, in fact...Anyway thanks – Sato – 2015-12-15T23:27:43.877

No answers

Asked: 2015-12-10T04:27:00.640

Viewed: 109 times

Active: 2015-12-10T04:27:00.640