[unisog] Getting ARP tables from Cisco switches via snmp -- slightly OT
H. Morrow Long
morrow.long at yale.edu
Wed Jan 7 21:46:14 GMT 2004
The following should work for Cisco PIXes (just as with Cisco routers)
Where $router is the IP address or name of the router,
$comname is the community string (often public)
and $querytype is
snmpwalk $router $comname $querytype
snmpwalk 192.168.1.1 "public"
- H. Morrow Long
Director - Information Security
Yale University, ITS
On Jan 7, 2004, at 4:18 PM, Jens Haeusser wrote:
> We have a similar database in place, and are having the same issues
> ith our Cisco PIXes. Right now we get the ARP tables by logging into
> the PIXes and screen-scraping, but we'd love to do it via SNMP as
> well. If anyone knows how to get the ARP table from a PIX via SNMP,
> we'd be greatful for the information.
> Jens Haeusser
> Manager, Information Security Office
> University of British Columbia
> Russell Fulton wrote:
>> Seasons Greetings to All,
>> Does anyone know the OID to retrieve ARP tables from Cisco switches?
>> We are working on a project to maintain a map of MAC, IP addrs and
>> switch ports in a database that we can easily interrogate (even if the
>> machine we are looking for is not on line). We discovered the need
>> this during the frenzy of patching in the latter part of last year
>> we had frequent problems with tracking down vulnerable machines.
>> WE have long maintained a data base built from the ARP tables of the
>> routers that allows us to keep track of the mapping on MAC to IP and
>> want to extend this out to the edge switches.
>> We can get the data by logging in and using command line functions to
>> dump the tables but would much prefer to get the information via
>> snmp. The problem is that we cannot find the OID to access the tables
>> on our
>> cisco switches. We have used snmp_walk to go though the mib but have
>> not found anything. Cisco must be using different naming conventions
>> within the min between the routers and switches. Sigh....
>> Cheers and thanks, Russell
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3035 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040107/b532c73c/smime-0003.bin
More information about the unisog