Requirements for Link-Layer Topology Discovery in Windows 7
One of my favorite Windows 7 tools is the ability to display an entire network map by navigating to the Network and Sharing Center in the Control Panel and clicking “See Full Map”. The tool provides an excellent means to view either ad hoc or infrastructure network elements.
Drawing a full network map requires that Link-Layer Topology Discovery (LLTD) is enabled on the requesting PC, and that the responder is enabled on all responding PCs. Windows Vista and Windows 7 provide the related elements by default. There is a hotfix to enable the feature in Windows XP SP3.
An overview of the functionality is available through WindowsSeven Forums: “How to See Full Map of Network Computers and Devices in Windows 7”.
While enabling the technology appears straightforward, there are a number of settings or configuration issues that can prevent the use of LLTD. While the WindowsSeven Forum provides an overview for enabling LLTD, it does not address some of the issues that can prevent the feature. The following list offers additional considerations when attempting to enable or troubleshoot the ability to draw a full network map.
NIC and Network Settings
- A NIC driver compatible with both your NIC and the system is required. Note: Windows 7 64-bit drivers must be signed. Several reported Link-Layer Topology issues have been resolved by NIC driver replacement (or rollback).
- In some instances, NICs support their own configuration management features that will interfere with Link-Layer Topology Discovery. For instance, NVIDIA Ethernet drivers will need VLAN capabilities disabled.
- Link-Layer Topology Discovery must be enabled in the NIC properties.
- File and printer sharing needs to be enabled and must not be blocked in the firewall.
- Network Discovery must be enabled (under advanced sharing settings).
System and Service Settings
- The Link-Layer Topology Discovery Mapper service must be running. It may need to be started by an account with administrative privileges if the service is set to manual instead of automatic.
- RPC/DCOM (TCP port 135) must not be blocked by a software or hardware firewall.
- UPnP (UDP port 1900 – 18.104.22.168) must be allowed both in and out.
- Svchost must be allowed to connect and receive on all Network Discovery ports.
- Svchost must be allowed to connect and receive over UPnP.
- Svchost must be allowed to connect on TCP port 5431.
XP Machine Response
If you have XP machines, you need to install the LLTD Responder for XP SP3 in order to see them in your map. There is a hotfix you will need to request from Microsoft: “Network Map in Windows Vista does not display computers that are running Windows XP.”
Your network connection needs to be identified as a recognized network profile. An overview of creating and modifying network profiles is available for Windows Vista and Windows 7: “Create or modify network profiles.”
In some cases an unknown NIC driver or secondary NIC devices may be identified as an ‘Unidentified Network’. This most commonly occurs when a device contains both a wired and wireless NIC. If both are enabled simultaneously after one has been configured, the second may show up as Unidentified or Public. In some cases, the Network and Sharing Center interface will not allow a change to the Network profile classification. Without a Network profile or with a Public profile, LLTD is likely to be blocked by security, firewall, or group policy settings.
Darene Lewis wrote a simple PowerShell script, “Change ‘Unidentified network’ from Public to Work in Windows 7”, that can be used to reset an Unidentified Network to the Work profile. The setting does not persist across reboots, but it is one way to test possible issue scenarios.
The most common suggestion for correction of the Unidentified Network issue is:
- Disable all network adapters
- Enable the adapter that’s only showing up as the unchangeable public network.
- In the Network and Sharing Center, select “Choose Homegroup and Sharing Options”
- Click on “What is this Location?”
- Select Home/Work
- Re-Enable all other adapters
Group Policy must not block LLTD:
- Group policy: Local Computer Policy > Computer Configuration > Administrative Templates > Network > Link-Layer Topology Discovery > “Turn on Mapper I/O (LLTDIO) driver”
- Allow operation while in desired domain profile(s)
If Link-Layer Topology Discovery is controlled at the site, domain, or OU level, you will need to discuss your needs with your policy administrator(s).
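The checklist above can be gathered into one read-only report; the script below is an added example, not part of the original article, and it changes no settings. It assumes PowerShell 2.0 on Windows 7, an English-language system for the firewall group names, and the standard Windows identifiers `lltdsvc`, `lltdio`, `rspndr` and the `EnableLLTDIO` / `EnableRspndr` policy values, none of which appear in the article. The per-adapter LLTD checkboxes in the NIC properties are not inspected.

```powershell
# Added example: read-only LLTD prerequisite report (Windows 7, PowerShell 2.0).
$report = @()
function Add-Check([string]$Check, [bool]$OK, [string]$Detail) {
    $script:report += New-Object PSObject -Property @{ Check = $Check; OK = $OK; Detail = $Detail }
}

# Mapper service (service name lltdsvc). Manual start is acceptable; Disabled is not.
$svc = Get-WmiObject Win32_Service -Filter "Name='lltdsvc'"
if ($svc) { Add-Check 'Mapper service' ($svc.StartMode -ne 'Disabled') "$($svc.State), start mode $($svc.StartMode)" }
else      { Add-Check 'Mapper service' $false 'lltdsvc not found' }

# Kernel drivers behind the Mapper I/O and Responder entries in the NIC properties.
foreach ($name in 'lltdio', 'rspndr') {
    $drv = Get-WmiObject Win32_SystemDriver -Filter "Name='$name'"
    if ($drv) { Add-Check "Driver $name" ($drv.State -eq 'Running') $drv.State }
    else      { Add-Check "Driver $name" $false 'not installed' }
}

# Firewall rule groups in the active profile (group names assume an English system).
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($group in 'Network Discovery', 'File and Printer Sharing') {
    $enabled = $fw.IsRuleGroupCurrentlyEnabled($group)
    Add-Check "Firewall group: $group" $enabled "enabled in active profile: $enabled"
}

# Category of each connected network: 0 = Public, 1 = Private (Home/Work), 2 = Domain.
$nlm = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'DCB00C01-570F-4A9B-8D69-199FDBA5723B'))
foreach ($net in $nlm.GetNetworks(1)) {
    $cat = $net.GetCategory()
    Add-Check "Network profile: $($net.GetName())" ($cat -ne 0) (@('Public', 'Private', 'Domain')[$cat])
}

# Local or domain policy: a value of 0 turns the Mapper I/O driver or the Responder off.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LLTD'
foreach ($value in 'EnableLLTDIO', 'EnableRspndr') {
    $item = Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue
    if ($item) { Add-Check "Policy $value" ($item.$value -ne 0) "set to $($item.$value)" }
    else       { Add-Check "Policy $value" $true 'not configured' }
}

$report | Select-Object Check, OK, Detail | Format-Table -AutoSize
```

A row with OK set to False points at the matching item in the lists above. A network reported as Public corresponds to the Unidentified Network case described earlier.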
While Link-Layer Topology Discovery is still enabled within the Network stack for Windows 8, the ability to draw full network maps has been removed from the Network and Sharing Center. Microsoft suggests using Network discovery and looking for Network computers via Windows Explorer. It does not appear that the feature will become available in Windows 8.
With just a little effort, you should be able to add Network Maps to your arsenal of troubleshooting tools.