You need to extract the ARP table from one of your routers to determine the MAC address associated with a particular IP address or the IP address for a particular MAC address.
The script in Example 2-3, arpt.pl, extracts the ARP table for a specified router or IP address and displays the results to STDOUT. The script expects to find a hostname or IP address of a router on the command line.
#!/usr/local/bin/perl # # arpt.pl -- a script to extract the ARP cache from a router. # #Set behavior $snmpro="ORARO"; # $snmpwalk="/usr/local/bin/snmpwalk -v 1 -c $snmpro"; $snmpget="/usr/local/bin/snmpget -v 1 -c $snmpro"; chomp ($rtr=$ARGV[0]); if ( $rtr eq "" ) {die "$0: Must specify a router \n"}; @iftable=`$snmpwalk $rtr ifDescr`; for $ifnum (@iftable) { chomp (($intno, $intname) = split (/ = /, $ifnum)); $intno=~s/.*ifDescr\.//; $intname=~s/"//gi; $arpint{$intno}=$intname; } printf ("%-22.22s %-10.10s %-25.25s\n", Address, MAC, Interface); @atTable=`$snmpwalk $rtr .1.3.6.1.2.1.3.1.1.1`; for $atnum (@atTable) { chomp (($atip, $atint) = split (/ = /, $atnum)); $atip =~ s/.*atIfIndex\.[0-9]+\.1\.//; $atphys=`$snmpget $rtr atPhysAddress.$atint.1.$atip`; chomp(($foo, $phys) = split(/: /, $atphys)); $phys=~s/ /-/gi; chop ($phys); $phys=~tr/A-Z/a-z/; $int=$arpint{$atint}; printf ("%-15.15s %17.17s %-25.25s\n", $atip, $phys, $int); }
The arpt.pl script extracts the ARP table from a specific router using SNMP and displays it to STDOUT. The script requires Perl and NET-SNMP and it expects to find both in the /usr/local/bin directory. For more information on Perl or NET-SNMP, see Appendix A.
Be sure to set the SNMP read-only community string (contained in the variable $snmpro) before using this script:
Freebsd% ./arpt.pl toronto
Address MAC Interface
172.22.1.1 00-01-96-70-b7-81 FastEthernet0/1
172.22.1.2 00-01-96-70-b7-81 FastEthernet0/1
172.22.1.3 00-01-96-70-b7-81 FastEthernet0/1
172.25.1.1 00-10-4b-09-57-00 FastEthernet0/0.1
172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1
172.25.1.7 00-00-0c-92-bc-6a FastEthernet0/0.1
172.25.1.254 00-00-0c-07-ac-01 FastEthernet0/0.1
172.16.2.1 00-01-96-70-b7-80 FastEthernet0/0.2
172.16.2.22 00-00-0c-07-ac-00 FastEthernet0/0.2
Freebsd%
The script creates a simple report including the IP address, MAC address, and interface name of each ARP entry. You can then use a search utility to locate specific devices by their IP or MAC addresses. For example, on a Unix server, you could pipe the output to the grep command, as follows:
Freebsd% ./arpt.pl toronto | grep 172.25.1.5 172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1 Freebsd%
The ARP tables on core routers can be quite large, which makes locating a single ARP entry difficult. This script allows you to track down a particular device remotely. You could also use the grep utility to find the IP address of a particular known MAC address:
Freebsd% ./arpt.pl toronto | grep 00-10-4b-09-57-15 172.25.1.3 00-10-4b-09-57-15 FastEthernet0/0.1 Freebsd%
This script only queries open standard SNMP MIBS, so you can use it to extract ARP table information from almost any SNMP enabled device, even non-Cisco equipment.
Top |