This is a sample of a traceroute to google.com:
TraceRoute from Network-Tools.com to 216.58.194.46 [google.com]
Hop (ms) (ms) (ms) IP Address Host name
1 0 0 0 206.123.64.233 -
2 Timed out Timed out Timed out -
3 1 1 1 4.68.70.166 google-level3-3x10g.dallas.level3.net
4 1 1 1 108.170.240.129 -
5 1 1 1 209.85.242.53 -
6 1 1 1 216.58.194.46 dfw25s12-in-f14.1e100.net
Trace complete
There should be many layer 2 network devices between our source and destination that are not visible, but they have an important impact on the result; these layer 2 network devices have many roles, including security issues like SPAN, TAP, deep packet inspection or any other security usage, or they are just layer 2 switches. You can see some hop counts in the traceroute results, but there are certainly many L2 devices in the middle, and I am looking for a theoretical or practical way to find an answer to this question.
Best Answer
Just adding to Stuggi's fine answer: layer 2 has no TTL concept, so there's no way to build a traceroute-like tool for hop-by-hop analysis.
You can't identify an L2 device, at least not with a generic tool like traceroute and definitely not without device access.
There are vendor-specific tools that allow you to check L2 connectivity and display potential paths, based on the device configurations (usually read by SNMP).
Some L2 devices identify themselves using LLDP or CDP but I'm not sure if that helps you.
Any L2 device adds some delay to the forwarded frame, depending on the device and possibly on its configuration. Common delays are between 1 and 10 µs.
Also, depending on the device configuration, a device like a switch can add, remove, or change frame tags like 802.1Q (used for VLAN ID and priority (PCP)) but won't touch the rest of the frame. Likewise, even an L2 device may change the IP packet's DSCP but won't touch anything else.
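The point about tags and TTL, as an added example that is not part of the original answer: it builds constructed Ethernet/IPv4 frames and compares them field by field, showing that a switch adding an 802.1Q tag leaves the IP header byte-identical, while only a routed hop changes the TTL that traceroute depends on. The MAC and IP addresses, VLAN 100 and the function names are assumptions made for illustration.

```python
import struct

def build_frame(vlan=None, pcp=0, ttl=64, dscp=0):
    """Build a constructed Ethernet II frame carrying a minimal IPv4 header."""
    dst = bytes.fromhex("02aabbccdd01")   # constructed, locally administered MACs
    src = bytes.fromhex("02aabbccdd02")
    # ver/IHL, DSCP+ECN, length, id, flags, TTL, proto (ICMP), checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, dscp << 2, 20, 0, 0, ttl, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tag = b""
    if vlan is not None:
        # 802.1Q tag: TPID 0x8100, then PCP (3 bits) | DEI (1 bit) | VID (12 bits)
        tag = struct.pack("!HH", 0x8100, (pcp << 13) | (vlan & 0x0FFF))
    return dst + src + tag + struct.pack("!H", 0x0800) + ip

def parse_frame(frame):
    """Return the L2 and L3 fields that matter for path visibility."""
    out = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
           "vlan": None, "pcp": None}
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == 0x8100:               # 802.1Q tag present
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        out["pcp"], out["vlan"] = tci >> 13, tci & 0x0FFF
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if ethertype != 0x0800 or len(frame) < offset + 20:
        raise ValueError("not an IPv4 frame or truncated")
    out["dscp"] = frame[offset + 1] >> 2
    out["ttl"] = frame[offset + 8]        # the only hop counter in the frame
    out["ip_header"] = frame[offset:offset + 20]
    return out

def changed_fields(before, after):
    """Names of parsed fields that differ between two captures of a frame."""
    a, b = parse_frame(before), parse_frame(after)
    return sorted(k for k in a if a[k] != b[k])

if __name__ == "__main__":
    access = build_frame()                       # as sent on an access port
    print("after tagging switch:", changed_fields(access, build_frame(vlan=100, pcp=5)))
    print("after routed hop:    ", changed_fields(access, build_frame(ttl=63)))
```
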