finding the Vlan on a switch port without admin access

williamsj13williamsj13 Member Posts: 1 ■□□□□□□□□□
I need to find a Vlan for a port without being able to access the switch internally. Is it possible to use an external device to ID a Vlan or a way to access it without admin access? 

Answers

  • BlucodexBlucodex OSCP, GCIA, GCIH, GMON, CISSP, CEH, CHFI, CCNA CyberOps, Security+ Member Posts: 430 ■■■■□□□□□□
  • clarsonclarson Member Posts: 903 ■■■■□□□□□□
    in general the answer is no. 

    1) if it is a production network the admins should have security setup such that no rogue external devices get a network connection.
    maybe you can get a connection on a less secure network, like a dmz, one that allows "guest" access, or a lab environment.

    2) end points don't know and don't care what vlan they are connected.  And, vlan information isn't sent to end points.  so if you connect a computer, laptop, etc that is running pcap, wireshark, tcpdump, etc., it will never see the vlan id in its network traffic.

    3) one place you will find the vlan id is in the 802.1q header.  This header is added to tagged frames that are traversing a trunk.  So, to see this information you need to be connected to a trunk port and be using equipment that can maintain that trunk connection.

    4) trunks aren't in a vlan and don't have a vlan id.  so all of the vlan id's you get from analyzing the trunk traffic, aren't for the port that you are connected.  But, I suppose you can start pulling connections and see how the traffic changes.  maybe you can identify the vlan id's for the ports you have pulled the wires. 

    Hopefully, you can do that before an admin shows up and guides you to the door.
  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    Eh, on the off chance they are running CDP on the access ports you can throw up a Kali VM and run  tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'  | grep -E 'Device|Port|VLAN'   Just sayin...
Sign In or Register to comment.