[unisog] Getting ARP tables from Cisco switches via snmp -- slightly OT

H. Morrow Long morrow.long at yale.edu
Wed Jan 7 21:46:14 GMT 2004

The following should work for Cisco PIXes (just as with Cisco routers) 
using snmpwalk:

Where $router is the IP address or name of the router,
	$comname is the community string (often public)
	and $querytype is 

    snmpwalk $router $comname $querytype


   snmpwalk "public" 

- H. Morrow Long
   Director - Information Security
   Yale University, ITS

On Jan 7, 2004, at 4:18 PM, Jens Haeusser wrote:

> We have a similar database in place, and are having the same issues 
> ith our Cisco PIXes. Right now we get the ARP tables by logging into 
> the PIXes and screen-scraping, but we'd love to do it via SNMP as 
> well. If anyone knows how to get the ARP table from a PIX via SNMP, 
> we'd be greatful for the information.
> Jens Haeusser
> Manager, Information Security Office
> University of British Columbia
> Russell Fulton wrote:
>> Seasons Greetings to All,
>> Does anyone know the  OID to retrieve ARP tables from Cisco switches?
>> Background:
>> We are working on a project to maintain a map of MAC, IP addrs and
>> switch ports in a database that we can easily interrogate (even if the
>> machine we are looking for is not on line).  We discovered the need 
>> for
>> this during the frenzy of patching in the latter part of last year 
>> when
>> we had frequent problems with tracking down vulnerable machines.
>> WE have long maintained a data base built from the ARP tables of the
>> routers that allows us to keep track of the mapping on MAC to IP and 
>> we
>> want to extend this out to the edge switches.
>> We can get the data by logging in and using command line functions to
>> dump the tables but would much prefer to get the information via 
>> snmp. The problem is that we cannot find the OID to access the tables 
>> on our
>> cisco switches.  We have used snmp_walk to go though the mib but have
>> not found anything.  Cisco must be using different naming conventions
>> within the min between the routers and switches.  Sigh....
>> Cheers and thanks, Russell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3035 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040107/b532c73c/smime-0003.bin

More information about the unisog mailing list