Identify the device if it is hub, switch, router or gateway

7

5

If you are given two hosts which are connected via a blackbox which you dont know. How can you recognize that blackbox as hub, switch, router or gateway without using any additional device or host?

One more thing: You can not perform any operation on the blackbox. You can't do anything with blackbox. You have access to two hosts only.

user3749029

Posted 2014-06-17T15:14:24.247

Reputation: 79

@CanadianLuke Was your question an attempt to get his question closed and removed? Often forums don't like so-called "homework questions". It was an interesting question. – barlop – 2015-04-08T11:36:42.827

2What have you tried? What OS are you using? What information about the network do you have? What have you researched? – Canadian Luke – 2014-06-17T15:19:06.643

1Read the label? – Austin T French – 2014-06-17T15:20:47.660

It was asked to me in my interview. I couldn't answer it, but I think its a nice question to look answer for... No extra information was provided.. – user3749029 – 2014-06-17T15:21:23.580

1can those devices successfully communicate? – wmz – 2014-06-17T15:47:59.717

4Is this a homework question? – Canadian Luke – 2014-06-17T16:13:39.140

Its not an homework question. I am keen to know the answer – user3749029 – 2014-06-17T18:57:56.370

2When its 2014, its not a hub ;) – PlasmaHH – 2014-06-17T20:43:19.970

Answers

12

In the case that both hosts that have mutual connectivity...

The blackbox must be a router if any of the following are true:

  • The two hosts have IP addresses in different IP networks.
  • A broadcast ping (ie: 255.255.255.255) from one host does not increment traffic counters on the other host.
  • Either hosts' ARP table does not have an entry for the other host.

Else, the blackbox is functioning as a switch or a hub.

The blackbox must be a switch if any of the following are true:

  • The NICs of both hosts are configured Full Duplex and their interface counters are not showing collisions or other errors.
  • A tcpdump or other traffic monitoring application running on either host shows no more than one unicast ethernet frame, if any, with the destination MAC address of the other host.
  • A traffic monitoring program never detects a two-way unicast exchange between two other hosts that itself is not participating.
  • A flood ping from one host to the other does not completely cripple connectivity.

The blackbox must then be a hub if:

  • A traffic monitoring program can detect a two-way unicast exchange between two other hosts.

Nevin Williams

Posted 2014-06-17T15:14:24.247

Reputation: 3 725

3

Given only two hosts:

  1. A hub or unmanaged switch will be mostly invisible.
  2. A managed switch and a router will have a MAC address on the interface. If it is an IP network, these devices will appear as a "hop" in a Traceroute. From the MAC, you can get some information about the manufacturer

I'm not sure what you mean by "gateway." My understanding is that a gateway is just a role for a router to play. In this case, a router is detected like above.

If your managed switches and routers have SNMP available, you can query these devices to find out a plethora of data about the make/model/type of device.

I said "mostly" invisible above because, theoretically, there is a minuscule latency added to the packet traversal. However, given only two hosts, this latency would be next to impossible to detect.

mawcsco

Posted 2014-06-17T15:14:24.247

Reputation: 633

3

I'm assuming that

  • "router or gateway" is a single term. They really mean the same thing.
  • you can look at the blackbox and unplug wires from it

Hubs will:

  • Have multiple ports
  • Have a collision LED
  • Not be gigabit (there aren't any such thing as gigabit hubs)
  • Replicate traffic that comes in on one port to all other ports, on a Layer 2 basis.

Switches will:

  • Have multiple ports
  • Not have a collision LED
  • Replicate traffic that comes in on one port to all other ports, on a Layer 2 basis, IF it hasn't seen that destination MAC address before.
  • Replicate traffic that comes in on one port to a specific other port, on a Layer 2 basis, IF it knows which port the destination MAC address lives at.

Routers will:

  • Usually have two interfaces. Routers that have multiple LAN ports are really a built-in switch plus router combination.
  • Forward traffic on a Layer 3 basis between two separate networks connected to each interface. Since it's Layer 3, each interface needs an IP + subnet mask.
  • Typically not forward broadcast traffic.

So really just by looking at the devices you can generally tell what it is.

If the black box is entirely unknown, and you cannot plug/unplug wires from it, the following can be inferred if systems are already up and running on it.

  • If you have two hosts and a black box, and both hosts are on the same subnet and are talking, the device is a switch or hub. If both hosts are on different subnets, it's a router.
  • If it's a switch or hub and you are working at gigabit speeds, it's a switch.
  • To find out if it's a switch or hub, you will need to
    • put the NIC of both host A and B into promiscuous mode.
    • have A send traffic to B normally, this will cause any switch to learn the MAC address.
    • have A send traffic directed to a MAC address that is not B's mac. There are various tools and ways to do this. If you see traffic on B afterwards, you are on a hub, if not, you are on a switch.

LawrenceC

Posted 2014-06-17T15:14:24.247

Reputation: 63 487

+1, This is the answer they were probably looking for. Specifically the layer explanations + the MAC forwarding differentiation between hubs and switches. – inf – 2014-06-17T19:10:33.153

1To networking professionals (and thus networking textbooks), a router and a gateway are two different things. A proper router is purely a layer 3 (network layer) device that never looks at the higher layer protocols, whereas a gateway operates above layer 3, possibly the entire stack. So something that forwards IPv4 frames between publicly-addressed subnets is a router, but something that, for example, does NAPT, is a gateway because it necessarily works partially at layer 4 (Transport: TCP/UDP) because it modifies port numbers in those headers. – Spiff – 2014-06-17T20:38:21.257

1In the early days of the Internet, every site had their own local network protocols they ran among their hosts on their campus, so the device that connected your LAN to your IP WAN was a gateway, because it was translating between non-IP protocols and IP-based protocols. Even when IP took over the LAN, people kept calling their main IP-connectivity box a "gateway" out of habit, even though it was now just a router. – Spiff – 2014-06-17T20:41:09.970

2

I was asked the same question today in an interview by a gentleman.

  1. Try installing and running advanced IP scanner, which will tell you what devices are connected to the interfaces along with the IP address.
  2. By looking into the IP address, manufacturer detail and the MAC address , the device can be concluded.
  3. Using the command prompt , you can ARP from PC-A to PC-B and if the entry is not seen in the ARP table then it is router , if seen then it could either switch or hub.

Ahamed

Posted 2014-06-17T15:14:24.247

Reputation: 21

Asked: 2014-06-17T15:14:24.247

Viewed: 19 560 times

Active: 2018-01-15T05:45:09.447