Given a switch S1, I’d like to guess the target port of a switch S2 to which it is wired.
I can get their updated MAC Address Table (some say Address Forwarding Table) and that’s all. I can’t enable any CDP, LLDP or any other such protocol.
So with the MAT/AFT, I know that to reach a given set of MAC addresses, I have to go through port P1 of switch S1. If S2 also holds all these MAC addresses in its MAT/AFT, I can guess that they’re most probably wired together.
I tried finding if any port of S2 holds a bunch of MACs that can be found on S1, but with this I sometimes got several candidate ports… or even none (which seems a little stupid to me). For the moment I do not analyse VLANs separately.
I wonder if anyone knows any good algorithm to infer the target port of S2?
Depending on the gear you're using and how it's configured, you may have a separate spanning tree topology for each given VLAN. If you're dealing with a different effective topology from one MAC address to the next, things can be a little messy, and would certainly have the potential to give you multiple candidate ports.
In general, make sure that you're checking the spanning tree status on these switches, as that can be a major factor in this kind of mapping (which inherently makes blocked links invisible to you).
Just because a host MAC address is known on one switch, it does not necessarily mean that it's known on each switch in the broadcast domain. Switches keep their MAC tables up to date by watching traffic being sent by hosts on those ports; if all of the traffic from host A never has any need to traverse switch 2, switch 2 will forget about it. Blast some broadcast traffic from a device behind switch 2, then check the address tables.
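An added example, not code from either poster: it compares the two tables one VLAN at a time and goes beyond the thread by using the complementary test, where the S2 port facing S1 learns only hosts that S1 learns on ports other than P1, and no host may sit on both ends of the link. The `(vlan, mac, port)` layout, port names and MAC values are constructed; it assumes a loop-free topology per VLAN and tables without stale entries.

```python
from collections import defaultdict

# Constructed sample tables: (vlan, mac, port). MACs use the documentation range.
S1_TABLE = [
    (10, "00:00:5e:00:53:0a", "Gi0/2"),   # host A, local to S1
    (10, "00:00:5e:00:53:0b", "Gi0/3"),   # host B, local to S1
    (10, "00:00:5e:00:53:0c", "Gi0/1"),   # host C, reached through P1
    (10, "00:00:5e:00:53:0d", "Gi0/1"),   # host D, reached through P1
    (20, "00:00:5e:00:53:0f", "Gi0/2"),   # host F, local to S1
    (20, "00:00:5e:00:53:0e", "Gi0/1"),   # host E, reached through P1
]
S2_TABLE = [
    (10, "00:00:5E:00:53:0A", "Gi0/24"),
    (10, "00:00:5E:00:53:0B", "Gi0/24"),
    (10, "00:00:5E:00:53:0C", "Gi0/5"),
    (10, "00:00:5E:00:53:0D", "Gi0/6"),
    (20, "00:00:5E:00:53:0E", "Gi0/7"),   # host F has aged out of S2 in VLAN 20
]

def by_port(table, vlan):
    """Group one VLAN's entries into {port: {mac, ...}}, MACs lower-cased."""
    ports = defaultdict(set)
    for v, mac, port in table:
        if v == vlan:
            ports[port].add(mac.lower())
    return ports

def candidate_ports(s1_table, s2_table, s1_port, min_shared=1):
    """Per VLAN, rank S2 ports as the likely far end of s1_port on S1."""
    result = {}
    for vlan in sorted({v for v, _, p in s1_table if p == s1_port}):
        s1, s2 = by_port(s1_table, vlan), by_port(s2_table, vlan)
        beyond = s1.get(s1_port, set())               # hosts S1 reaches via s1_port
        behind = set().union(*s1.values()) - beyond   # hosts on S1's other ports
        scored = []
        for port, macs in s2.items():
            if macs & beyond:     # S2 must see these hosts on its *other* ports
                continue
            shared = len(macs & behind)
            if shared >= min_shared:   # require positive evidence, not mere absence
                scored.append((port, shared))
        result[vlan] = sorted(scored, key=lambda c: (-c[1], c[0]))
    return result

if __name__ == "__main__":
    print(candidate_ports(S1_TABLE, S2_TABLE, "Gi0/1"))
```

An empty list for a VLAN means S2 has not learned any host on S1's side in that VLAN, which is the aged-out case described above; several candidates across VLANs point to differing per-VLAN topologies.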