[c-nsp] Getting ARP table from SNMP

Shenk, Jerry A jshenk at decommunications.com
Tue Oct 17 13:07:39 EDT 2006 

How do you use arpwatch to pull arp tables from a router?  That seems
like it would be a very useful tool.  I've used arpwatch to monitor arp
traffic.  I just reviewed my documentation too and I just don't see how
to do that...I'd love to see an example.  I'm using version 2.1....I'll
have to look for an update.

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ed Ravin
Sent: Tuesday, October 17, 2006 12:53 PM
To: Laurent Geyer
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Getting ARP table from SNMP

On Tue, Oct 17, 2006 at 12:04:14PM -0400, Laurent Geyer wrote:
> On 10/17/06, Joe Freeman <joe at netbyjoe.com> wrote:
> >
> > I'd be interested in seeing your code. I've been thinking about
doing
> > exactly this for awhile. I'd also thought about scraping the
mac/port table
> > from my switches so I could track specific mac addresses/ip
addresses around
> > the network.

There are a couple of old (but still operational, if you tweak them
here or there) packages that do this:

Arpwatch: can fetch ARP from a router via SNMP, or monitor ARP on the
network:
   ftp://ftp.ee.lbl.gov/arpwatch.tar.gz

Arpmon: runs as a daemon on a Unix host, uses tcpdump:
   http://ftp.cerias.purdue.edu/pub/tools/unix/netutils/arpmon/README

I've been using arpwatch to dump out my router tables, then some custom
scripts to make a big report showing every MAC/IP pairing at my site.
With history, of course.  When you're thinking of re-using an IP
address,
it's nice to be able to see that it hasn't been used since 2001, and the
MAC it was last seen with is on a NIC that's now in the spare parts
box...
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



**DISCLAIMER
This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business.

More information about the cisco-nsp mailing list