[c-nsp] Getting ARP table from SNMP

Ed Ravin eravin at panix.com
Tue Oct 17 12:53:18 EDT 2006


On Tue, Oct 17, 2006 at 12:04:14PM -0400, Laurent Geyer wrote:
> On 10/17/06, Joe Freeman <joe at netbyjoe.com> wrote:
> >
> > I'd be interested in seeing your code. I've been thinking about doing
> > exactly this for a while. I'd also thought about scraping the mac/port table
> > from my switches so I could track specific mac addresses/ip addresses around
> > the network.

There are a couple of old (but still operational, if you tweak them
here or there) packages that do this:

Arpwatch: can fetch ARP from a router via SNMP, or monitor ARP on the
network:
   ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

Arpmon: runs as a daemon on a Unix host, uses tcpdump:
   http://ftp.cerias.purdue.edu/pub/tools/unix/netutils/arpmon/README

I've been using arpwatch to dump out my router tables, then some custom
scripts to make a big report showing every MAC/IP pairing at my site.
With history, of course.  When you're thinking of re-using an IP address,
it's nice to be able to see that it hasn't been used since 2001, and the
MAC it was last seen with is on a NIC that's now in the spare parts box...
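
An added example, not part of the original message and not the poster's own scripts: one way to build the MAC/IP history report described above, including the "has this IP been idle long enough to reuse" check. It assumes records in the tab-separated layout of arpwatch's arp.dat (MAC, IP, epoch timestamp, optional hostname); the sample data, function names and the 365-day idle threshold are constructed for illustration.

```python
import time
from collections import defaultdict

# Constructed sample in the tab-separated layout assumed for arpwatch's
# arp.dat: MAC, IP, last-seen epoch seconds, optional hostname.
SAMPLE = (
    "0:10:5a:1:2:3\t192.0.2.10\t989000000\toldbox\n"
    "0:e0:81:aa:bb:cc\t192.0.2.11\t1161000000\tfileserver\n"
    "0:e0:81:aa:bb:cc\t192.0.2.12\t1160500000\n"
    "0:d:60:4:5:6\t192.0.2.12\t1161050000\tlaptop\n"
    "garbage line\n"
)

def norm_mac(mac):
    """Zero-pad each octet so 0:d:60:4:5:6 and 00:0d:60:04:05:06 compare equal."""
    parts = mac.lower().split(":")
    if len(parts) != 6:
        raise ValueError(mac)
    return ":".join("%02x" % int(p, 16) for p in parts)

def load_history(text):
    """Return {ip: {mac: last_seen}} keeping the newest timestamp per pairing."""
    hist = defaultdict(dict)
    for line in text.splitlines():
        fields = line.split("\t")
        try:
            mac, ip, seen = norm_mac(fields[0]), fields[1], int(fields[2])
        except (IndexError, ValueError):
            continue  # skip malformed records instead of aborting the report
        hist[ip][mac] = max(seen, hist[ip].get(mac, 0))
    return hist

def report(hist, now, idle_days=365):
    """Per IP: (last MAC seen, last-seen time, idle long enough to reuse?, MAC count)."""
    out = {}
    for ip, macs in hist.items():
        mac, seen = max(macs.items(), key=lambda kv: kv[1])
        out[ip] = (mac, seen, now - seen > idle_days * 86400, len(macs))
    return out

if __name__ == "__main__":
    now = 1161100000  # fixed "current time" so the sample output is stable
    for ip, (mac, seen, idle, n) in sorted(report(load_history(SAMPLE), now).items()):
        day = time.strftime("%Y-%m-%d", time.gmtime(seen))
        notes = ("  reusable" if idle else "") + ("  %d MACs seen" % n if n > 1 else "")
        print("%-15s %s  last seen %s%s" % (ip, mac, day, notes))
```

An IP that shows more than one MAC in its history is worth a second look before reuse, since it can mean a replaced NIC, an address conflict, or ARP spoofing.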

