Abstract:
Knowledge of a network’s entities and the physical connections between them, a network’s physical topology, can be useful in a variety of network scenarios and applications. Administrators can use topology information for fault- finding, inventorying and network planning. Topology information can also be used during protocol and routing algorithm development, for performance prediction and as a basis for accurate network simulations. Specifically, from a network security perspective, threat detection, network monitoring, network access control and forensic investigations can benefit from accurate network topology information. The dynamic nature of large networks has led to the development of various automatic topology discovery techniques, but these techniques have mainly focused on cooperative network environments where network elements can be queried for topology related information. The primary objective of this study is to develop techniques for discovering the physical topology of an Ethernet network without the assistance of the network’s elements. This dissertation describes the experiments performed and the techniques developed in order to identify network nodes and the connections between these nodes. The product of the investigation was the formulation of an algorithm and heuristic that, in combination with measurement techniques, can be used for inferring the physical topology of a target network.