said:

anyone who is quite familiar with overall networking devices, mainly CISCO, does anyone know how to identify if a router is acting as a layer 3 switch remotely? the only way i think one can tell from an auditting standpoint is to scan using NMAP/etc and hope to find a terminal/mgmt port that will offer up the version information. i know most CISCO routers acting as layer-3 switches tend to be on the high end side (like a 7200). i was cutious about this since i had read on a few layer-3 switching techniques that can be manipulated (like MPLS tags/etc)

Not sure if NMAP would do the job. Try using kismet maybe?

Bro I just want to tell you some thing,

Assume like this

A----->B------>C------D------>E

assume A and B as routers and B,C as layer-3 switches you are saying, and E is the web-server,

If they had implemented MPLS technology on these switches ,it will be not even visible on the traversing path to the server,but i had faced situations like this what i did was i sent a crafted icmp packet with a specific ttl values ,so assume you have a ttl value of 8 when reaching the server "A" and when you sent a crafted ttl value of 9 to the "D",you will get a error message that ttl value expired ,it will indicate you that some other devices are exsists in the middle,because each router will increment/decrement ttl value while a icmp packet is passing through them,but this is not 100% reliable,if the target network is good,they have ways to overcome this,but Atleast you can try this method..

mandi, you are telling me basically a firewalking method. i am already familiar with standard TTL and routers in a path and how to identify what is a router/what is firewalled/etc

i think my main interest lied in how to determine a router was ALSO acting as a switch. not every router has frame switching fabrics. since the subject is similiar, has anyone on here come up with a way for me to circumvent the proxy-ARP a local ISP has in place? i mentioned this topic several weeks back, i believe