You need to extract the ARP table from one of your routers to determine the MAC address associated with a particular IP address or the IP address for a particular MAC address.
The script in Example 2-3, arpt.pl, extracts the ARP table for a specified router or IP address and displays the results to STDOUT. The script expects to find a hostname or IP address of a router on the command line.
#!/usr/local/bin/perl
#
# arpt.pl -- a script to extract the ARP cache from a router.
#
#Set behavior
$snmpro="ORARO";
#
$snmpwalk="/usr/local/bin/snmpwalk -v 1 -c $snmpro";
$snmpget="/usr/local/bin/snmpget -v 1 -c $snmpro";
chomp ($rtr=$ARGV[0]);
if ( $rtr eq "" ) {die "$0: Must specify a router \n"};
@iftable=`$snmpwalk $rtr ifDescr`;
for $ifnum (@iftable) {
chomp (($intno, $intname) = split (/ = /, $ifnum));
$intno=~s/.*ifDescr\.//;
$intname=~s/"//gi;
$arpint{$intno}=$intname;
}
printf ("%-22.22s %-10.10s %-25.25s\n", Address, MAC, Interface);
@atTable=`$snmpwalk $rtr .1.3.6.1.2.1.3.1.1.1`;
for $atnum (@atTable) {
chomp (($atip, $atint) = split (/ = /, $atnum));
$atip =~ s/.*atIfIndex\.[0-9]+\.1\.//;
$atphys=`$snmpget $rtr atPhysAddress.$atint.1.$atip`;
chomp(($foo, $phys) = split(/: /, $atphys));
$phys=~s/ /-/gi; chop ($phys);
$phys=~tr/A-Z/a-z/;
$int=$arpint{$atint};
printf ("%-15.15s %17.17s %-25.25s\n", $atip, $phys, $int);
}
The arpt.pl script extracts the ARP table from a specific router using SNMP and displays it to STDOUT. The script requires Perl and NET-SNMP and it expects to find both in the /usr/local/bin directory. For more information on Perl or NET-SNMP, see Appendix A.
Be sure to set the SNMP read-only community string (contained in the variable $snmpro) before using this script:
Freebsd% ./arpt.pl toronto
Address MAC Interface
172.22.1.1 00-01-96-70-b7-81 FastEthernet0/1
172.22.1.2 00-01-96-70-b7-81 FastEthernet0/1
172.22.1.3 00-01-96-70-b7-81 FastEthernet0/1
172.25.1.1 00-10-4b-09-57-00 FastEthernet0/0.1
172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1
172.25.1.7 00-00-0c-92-bc-6a FastEthernet0/0.1
172.25.1.254 00-00-0c-07-ac-01 FastEthernet0/0.1
172.16.2.1 00-01-96-70-b7-80 FastEthernet0/0.2
172.16.2.22 00-00-0c-07-ac-00 FastEthernet0/0.2
Freebsd%
The script creates a simple report including the IP address, MAC address, and interface name of each ARP entry. You can then use a search utility to locate specific devices by their IP or MAC addresses. For example, on a Unix server, you could pipe the output to the grep command, as follows:
Freebsd% ./arpt.pl toronto | grep 172.25.1.5 172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1 Freebsd%
The ARP tables on core routers can be quite large, which makes locating a single ARP entry difficult. This script allows you to track down a particular device remotely. You could also use the grep utility to find the IP address of a particular known MAC address:
Freebsd% ./arpt.pl toronto | grep 00-10-4b-09-57-15 172.25.1.3 00-10-4b-09-57-15 FastEthernet0/0.1 Freebsd%
This script only queries open standard SNMP MIBS, so you can use it to extract ARP table information from almost any SNMP enabled device, even non-Cisco equipment.
|
|
|
| Top |