Previous section   Next section

Recipe 2.15 Generating a Report of ARP Table Information

2.15.1 Problem

You need to extract the ARP table from one of your routers to determine the MAC address associated with a particular IP address or the IP address for a particular MAC address.

2.15.2 Solution

The script in Example 2-3, arpt.pl, extracts the ARP table for a specified router or IP address and displays the results to STDOUT. The script expects to find a hostname or IP address of a router on the command line.

Example 2-3. arpt.pl
#!/usr/local/bin/perl
#
#         arpt.pl -- a script to extract the ARP cache from a router. 
#
#Set behavior
$snmpro="ORARO";
#
$snmpwalk="/usr/local/bin/snmpwalk -v 1 -c $snmpro";
$snmpget="/usr/local/bin/snmpget -v 1 -c $snmpro";
chomp ($rtr=$ARGV[0]);
if ( $rtr eq "" ) {die "$0: Must specify a router \n"};
@iftable=`$snmpwalk $rtr ifDescr`;
for $ifnum (@iftable) {
    chomp (($intno, $intname) = split (/ = /, $ifnum));
    $intno=~s/.*ifDescr\.//;
    $intname=~s/"//gi;
    $arpint{$intno}=$intname;
}
printf ("%-22.22s %-10.10s  %-25.25s\n", Address, MAC, Interface);
@atTable=`$snmpwalk $rtr .1.3.6.1.2.1.3.1.1.1`;
for $atnum (@atTable) {
    chomp (($atip, $atint) = split (/ = /, $atnum));
    $atip =~ s/.*atIfIndex\.[0-9]+\.1\.//;
    $atphys=`$snmpget $rtr atPhysAddress.$atint.1.$atip`;
    chomp(($foo, $phys) = split(/: /, $atphys));
    $phys=~s/ /-/gi; chop ($phys);
    $phys=~tr/A-Z/a-z/;
    $int=$arpint{$atint};
    printf ("%-15.15s %17.17s  %-25.25s\n", $atip, $phys, $int);
}

2.15.3 Discussion

The arpt.pl script extracts the ARP table from a specific router using SNMP and displays it to STDOUT. The script requires Perl and NET-SNMP and it expects to find both in the /usr/local/bin directory. For more information on Perl or NET-SNMP, see Appendix A.

Be sure to set the SNMP read-only community string (contained in the variable $snmpro) before using this script:

Freebsd% ./arpt.pl toronto
Address                MAC         Interface                
172.22.1.1      00-01-96-70-b7-81  FastEthernet0/1          
172.22.1.2      00-01-96-70-b7-81  FastEthernet0/1          
172.22.1.3      00-01-96-70-b7-81  FastEthernet0/1          
172.25.1.1      00-10-4b-09-57-00  FastEthernet0/0.1
172.25.1.5      00-01-96-70-b7-80  FastEthernet0/0.1
172.25.1.7      00-00-0c-92-bc-6a  FastEthernet0/0.1
172.25.1.254    00-00-0c-07-ac-01  FastEthernet0/0.1
172.16.2.1      00-01-96-70-b7-80  FastEthernet0/0.2
172.16.2.22     00-00-0c-07-ac-00  FastEthernet0/0.2
Freebsd%

The script creates a simple report including the IP address, MAC address, and interface name of each ARP entry. You can then use a search utility to locate specific devices by their IP or MAC addresses. For example, on a Unix server, you could pipe the output to the grep command, as follows:

Freebsd% ./arpt.pl toronto | grep 172.25.1.5
172.25.1.5      00-01-96-70-b7-80  FastEthernet0/0.1
Freebsd%

The ARP tables on core routers can be quite large, which makes locating a single ARP entry difficult. This script allows you to track down a particular device remotely. You could also use the grep utility to find the IP address of a particular known MAC address:

Freebsd% ./arpt.pl toronto | grep 00-10-4b-09-57-15
172.25.1.3      00-10-4b-09-57-15  FastEthernet0/0.1
Freebsd%

This script only queries open standard SNMP MIBS, so you can use it to extract ARP table information from almost any SNMP enabled device, even non-Cisco equipment.

2.15.4 See Also

Appendix A


  Previous section   Next section
Top