[c-nsp] Getting ARP table from SNMP
Bill Nash
billn at billn.net
Tue Oct 17 12:16:19 EDT 2006
[ resent to list after doing something stupid with the original ]
On Tue, 17 Oct 2006, Laurent Geyer wrote:
> Personally, I've written a Perl script that walks the ARP table every now
> and again and stores the information I'm after in a database. This way I'm
> able to observe changes, and maintain a historical view of my ARP tables
> with a simple DBI based Perl script.
>
I periodically cache ARP entries, plus per-VLAN, per-interface forwarding
tables. Slap on some first seen and last seen date stamps, and you can't
plug into my network anywhere without leaving a footprint. This also gifts
me with the ability to SQL search for IP -> physical port relationships.
It's a little complex to build, the SNMP correlation is nutty, but from a
forensics and troubleshooting perspective, it's worth the ulcer I got
dealing with IOS's per-VLAN forwarding MIBs.
- billn
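
A sketch of the caching scheme described in the message above, as an added example that is not part of the original post and not the poster's code. It assumes the SNMP walks have already been parsed into dicts (standing in for ipNetToMediaPhysAddress, per-VLAN dot1dTpFdbPort and dot1dBasePortIfIndex, and ifName); the table, function names and sample values are hypothetical.

```python
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS sightings (
    device TEXT, vlan INTEGER, ip TEXT, mac TEXT, port TEXT,
    first_seen INTEGER, last_seen INTEGER,
    PRIMARY KEY (device, vlan, ip, mac, port))"""

# Constructed sample data standing in for parsed SNMP polls of one switch.
IFNAMES = {10101: "Gi1/0/1", 10102: "Gi1/0/2"}          # ifIndex -> ifName
BRIDGE = {10: {1: 10101, 2: 10102}}                     # vlan -> bridge port -> ifIndex
POLL1 = ({"192.0.2.10": "00:00:5e:00:53:01"}, {10: {"00:00:5e:00:53:01": 1}})
POLL2 = ({"192.0.2.10": "00:00:5e:00:53:01"},           # same host, moved to port 2
         {10: {"00:00:5e:00:53:01": 2, "00:00:5e:00:53:02": 1}})

def correlate(arp, fdb_by_vlan, bridge_to_ifindex, ifnames):
    """Join ARP (ip -> mac) with per-VLAN forwarding tables (mac -> bridge port)."""
    mac_to_ips = {}
    for ip, mac in arp.items():
        mac_to_ips.setdefault(mac, []).append(ip)
    for vlan, fdb in fdb_by_vlan.items():
        for mac, bport in fdb.items():
            ifindex = bridge_to_ifindex.get(vlan, {}).get(bport)
            port = ifnames.get(ifindex, "unknown")
            # A MAC with no ARP entry is still recorded, with an empty IP.
            for ip in mac_to_ips.get(mac, [""]):
                yield vlan, ip, mac, port

def record(db, device, rows, now):
    """Insert new sightings; for known ones only advance last_seen."""
    db.execute(SCHEMA)
    for vlan, ip, mac, port in rows:
        key = (device, vlan, ip, mac, port)
        db.execute("INSERT OR IGNORE INTO sightings VALUES (?,?,?,?,?,?,?)", (*key, now, now))
        db.execute("UPDATE sightings SET last_seen = ? WHERE device = ? AND vlan = ? "
                   "AND ip = ? AND mac = ? AND port = ?", (now, *key))
    db.commit()

def where_is(db, ip):
    """IP -> physical port history, most recently seen first."""
    return db.execute("SELECT device, vlan, mac, port, first_seen, last_seen "
                      "FROM sightings WHERE ip = ? ORDER BY last_seen DESC", (ip,)).fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    for now, (arp, fdb) in ((1000, POLL1), (2000, POLL2), (3000, POLL2)):
        record(db, "sw1", correlate(arp, fdb, BRIDGE, IFNAMES), now)
    return db
```

Because the port is part of the key, a host that moves leaves its old row behind with a stale last_seen, which is what gives the historical view.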