[c-nsp] Getting ARP table from SNMP
Laurent Geyer
lgeyer at 085zehn.com
Tue Oct 17 12:15:53 EDT 2006
On 10/17/06, billn at pegasus.billn.net <billn at pegasus.billn.net> wrote:
>
> On Tue, 17 Oct 2006, Laurent Geyer wrote:
>
> > `snmpbulkwalk -v2c -c <community string> <switch/router> 1.3.6.1.2.1.3.1.1.2 | grep <IP address>'
> >
> > Personally, I've written a Perl script that walks the ARP table every now
> > and again and stores the information I'm after in a database. This way I'm
> > able to observe changes, and maintain a historical view of my ARP tables
> > with a simple DBI based Perl script.
> >
> > I'm not much of a programmer but if you're interested I can clean my code
> > up a bit and send you what I've got.
>
> I periodically cache arp entries, plus per-vlan, per interface forwarding
> tables. Slap on some first seen and last seen date stamps, and you can't
> plug into my network anywhere without leaving a footprint. This also gifts
> me with the ability to SQL search for IP -> physical port relationships.
> It's a little complex to build, the SNMP correlation is nutty, but from a
> forensics and troubleshooting perspective, it's worth the ulcer I got
> dealing with IOS's per vlan forwarding mibs.
Exactly what I'm doing. I don't have the CAM portion of it finished just yet
but I'm getting there. Too much ops crap to deal with right now to finish
what I started :(
Mind sharing what you have?
- Laurent
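
The approach discussed in this thread (walk the ARP table over SNMP, store each entry with first-seen and last-seen stamps, and query the history), as an added example that is not code from either poster. Python with sqlite3 stands in for the Perl/DBI script mentioned; the sample walk output is constructed, the table name arp_seen and all function names are hypothetical, and net-snmp's numeric (-On) output with an <ifIndex>.1.<IP> index is assumed.

```python
import re
import sqlite3

# Constructed sample of `snmpbulkwalk -On` output for 1.3.6.1.2.1.3.1.1.2
# (assumed index layout: <ifIndex>.1.<IPv4 address>); all values are made up.
SAMPLE_WALK = """\
.1.3.6.1.2.1.3.1.1.2.3.1.192.0.2.10 = Hex-STRING: 00 11 22 33 44 55
.1.3.6.1.2.1.3.1.1.2.3.1.192.0.2.11 = Hex-STRING: 00 11 22 33 44 66
.1.3.6.1.2.1.3.1.1.2.7.1.198.51.100.5 = Hex-STRING: 00 AA BB CC DD EE
"""
LINE_RE = re.compile(
    r"^\.?1\.3\.6\.1\.2\.1\.3\.1\.1\.2\.(\d+)\.1\.(\d+\.\d+\.\d+\.\d+)"
    r" = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){6})\s*$"
)

def parse_walk(text):
    """Yield (if_index, ip, mac) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mac = ":".join(m.group(3).split()).lower()
            yield int(m.group(1)), m.group(2), mac

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("""CREATE TABLE IF NOT EXISTS arp_seen (
        device TEXT, if_index INTEGER, ip TEXT, mac TEXT,
        first_seen INTEGER, last_seen INTEGER,
        PRIMARY KEY (device, if_index, ip, mac))""")
    return db

def record_walk(db, device, text, now):
    """Store one poll; return (ip, mac) pairs not seen before on this device."""
    new = []
    for if_index, ip, mac in parse_walk(text):
        cur = db.execute(
            "UPDATE arp_seen SET last_seen=? WHERE device=? AND if_index=? AND ip=? AND mac=?",
            (now, device, if_index, ip, mac))
        if cur.rowcount == 0:  # no existing row: first sighting of this binding
            db.execute("INSERT INTO arp_seen VALUES (?,?,?,?,?,?)",
                       (device, if_index, ip, mac, now, now))
            new.append((ip, mac))
    db.commit()
    return new

def macs_for_ip(db, ip):
    """Every MAC that has answered for an IP, oldest first, with its stamps."""
    return db.execute("SELECT mac, first_seen, last_seen FROM arp_seen"
                      " WHERE ip=? ORDER BY first_seen", (ip,)).fetchall()
```

A second MAC row for the same IP is what a spoofed or replaced host looks like in this table, and the first_seen stamp on that row dates the change.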