[unisog] Getting ARP tables from Cisco switches via snmp -- slightly OT

H. Morrow Long morrow.long at yale.edu
Wed Jan 7 21:46:14 GMT 2004


The following should work for Cisco PIXes (just as with Cisco routers) 
using snmpwalk:

Where $router is the IP address or name of the router,
	$comname is the community string (often public)
	and $querytype is 
"ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress"

    snmpwalk $router $comname $querytype

e.g.

   snmpwalk 192.168.1.1 "public" 
"ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress"


- H. Morrow Long
   Director - Information Security
   Yale University, ITS




On Jan 7, 2004, at 4:18 PM, Jens Haeusser wrote:

> We have a similar database in place, and are having the same issues 
> ith our Cisco PIXes. Right now we get the ARP tables by logging into 
> the PIXes and screen-scraping, but we'd love to do it via SNMP as 
> well. If anyone knows how to get the ARP table from a PIX via SNMP, 
> we'd be greatful for the information.
>
> Jens Haeusser
> Manager, Information Security Office
> University of British Columbia
>
> Russell Fulton wrote:
>
>> Seasons Greetings to All,
>>
>>
>> Does anyone know the  OID to retrieve ARP tables from Cisco switches?
>>
>> Background:
>>
>> We are working on a project to maintain a map of MAC, IP addrs and
>> switch ports in a database that we can easily interrogate (even if the
>> machine we are looking for is not on line).  We discovered the need 
>> for
>> this during the frenzy of patching in the latter part of last year 
>> when
>> we had frequent problems with tracking down vulnerable machines.
>>
>> WE have long maintained a data base built from the ARP tables of the
>> routers that allows us to keep track of the mapping on MAC to IP and 
>> we
>> want to extend this out to the edge switches.
>>
>> We can get the data by logging in and using command line functions to
>> dump the tables but would much prefer to get the information via 
>> snmp. The problem is that we cannot find the OID to access the tables 
>> on our
>> cisco switches.  We have used snmp_walk to go though the mib but have
>> not found anything.  Cisco must be using different naming conventions
>> within the min between the routers and switches.  Sigh....
>>
>> Cheers and thanks, Russell
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3035 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040107/b532c73c/smime-0003.bin


More information about the unisog mailing list