[unisog] getting the Arp Table from a router whit Java API or C application

Glenn Forbes Fleming Larratt gl89 at cornell.edu
Wed Apr 12 12:47:53 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can't really help with the Java/C coding, but I developed installations 
along these lines in Perl on a Solaris system (using shell calls to
the CMU SNMP suite of utilities; I actually found that faster than using
an SNMP Perl module). You're welcome to have a look at my code if you 
wish; please e-mail me offline if you'd like a copy.

Getting the MAC<->switchport mappings is significantly more difficult than
getting the ARP tables, for a variety of reasons:

  - different manufacturers, and even different switches from the same
    manufacturer, will have the information stored in different places
    in the MIB, and slightly differently-formatted SNMP queries to
    get the information out;

  - you probably want to have some method of sorting out (either on the
    back end or the front end) whether a particular MAC address appearing
    on a particular switch port means (a) the end node is using that
    port as its edge uplink, or (b) the port in question feeds a further
    switch or network of switches.

  - Cisco routers cache ARP information for (I think) 4 hours by default,
    while Cisco switches tend to cache switch table information for (again,
    I think) 30 minutes, so you'd need to poll more frequently; I've
    seen Extreme switches, for example, that only cached switch table
    information for 5 minutes.

  - your network is bound to have many more switches than routers, so
    your polling and processing has to be fast to get through all of them
    in the 30-minute window.

Having said all that, it's a solvable problem. As noted, please let me 
know via private e-mail if you'd like to see my code.

- --
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Tue, 11 Apr 2006, stefano wrote:

> Hi, sorry for my bad english, i know this and i'm working for make it 
> better.. but here come the question: I've known this mailing list reading the 
> previous thread talking about this argument (Getting ARP tables from Cisco 
> switches via snmp -- slightly OT ) after a search on google..
>
> I've to develop an* identical* application (that insert in a DB the *MAC*, 
> the* IP* and if is possible the Switch port number..) but i've a condiction, 
> i've to develop this using a java server, not one linux commands or 
> application  (not , but max portability, because some servers are Windows and 
> some are Unix, therefore*_ i can't use smnpwalk or arptrace!!_* ) i must to 
> realize this operation whit *JavaAPIs* or whit portable a source code as a *C 
> code.*
>
> I've downloaded the *Adventnet java SNMP API* package, and i can get a 
> variable from the MIB for example the OID /1.3.6.1.2.1.1.1.0/ return to me 
> the string value /"Cisco Internetwork Operating System Software \r\nIOS (tm) 
> RSP Software (RSP-JSV-M), Version 12.0(9), RELEASE SOFTWARE 
> (fc1)\r\nCopyright (c) 1986-2000 by cisco Systems, Inc.\r\nCompiled Mon 
> 24-Jan-00 23:15 by bettyl"/ then i can deduce that the APIs work fine. But if 
> i try to get a table, i recive a null pointer, and i don't know how i can do 
> this operation correctly.
>
> *anyone can help me?*
>
> here there is the bad test code working only with a single MIB variable:
>
> /public static void openSNMPSession() throws Exception
>   {
>       System.out.println("ci2ao");
>       SnmpAPI api = new SnmpAPI();
>       SnmpSession session = new SnmpSession(api);
>       session.open();
>       SnmpPDU pdu = new SnmpPDU();
>       pdu.setRemoteHost("141.108.5.4");
>       pdu.setCommand(SnmpAPI.GET_REQ_MSG);
>       pdu.addNull(new SnmpOID(".1.3.6.1.2.1.4.22")); //doesn't work
>       //pdu.addNull(newSnmpOID("//.1.3.6.1.2.1.1.1.0/ /")); work
>       SnmpPDU response_pdu = session.syncSend(pdu);
>       if(response_pdu == null)
>       {
>           System.out.println("The Request has timed out.");
>       }
>       else
>       {
>                     System.out.println(response_pdu.printVarBinds());
>           System.out.println("Errors: "+response_pdu.getError());
>           System.out.println("Account: "+response_pdu.getCommunity()+"\n Ver 
> "+response_pdu.getVariable(10));
>                 }
>   }/
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFEPPb/Lyw7nZwiKgQRAkkoAKC8x/Xov3dmfScrKWvUt4hqoJ+2oACfa5ci
c2KWG069xD6tGc2vQ7D0iG0=
=arpo
-----END PGP SIGNATURE-----


More information about the unisog mailing list