[unisog] getting the Arp Table from a router with Java API or C application

PaulFM paulfm at me.umn.edu
Wed Apr 12 16:41:24 GMT 2006


Check out neo, and see if it does what you need:

http://www.ktools.org/neo/


Glenn Forbes Fleming Larratt wrote:
> I can't really help with the Java/C coding, but I developed installations 
> along these lines in Perl on a Solaris system (using shell calls to
> the CMU SNMP suite of utilities; I actually found that faster than using
> an SNMP Perl module). You're welcome to have a look at my code if you 
> wish; please e-mail me offline if you'd like a copy.
> 
> Getting the MAC<->switchport mappings is significantly more difficult than
> getting the ARP tables, for a variety of reasons:
> 
>   - different manufacturers, and even different switches from the same
>     manufacturer, will have the information stored in different places
>     in the MIB, and slightly differently-formatted SNMP queries to
>     get the information out;
> 
>   - you probably want to have some method of sorting out (either on the
>     back end or the front end) whether a particular MAC address appearing
>     on a particular switch port means (a) the end node is using that
>     port as its edge uplink, or (b) the port in question feeds a further
>     switch or network of switches.
> 
>   - Cisco routers cache ARP information for (I think) 4 hours by default,
>     while Cisco switches tend to cache switch table information for (again,
>     I think) 30 minutes, so you'd need to poll more frequently; I've
>     seen Extreme switches, for example, that only cached switch table
>     information for 5 minutes.
> 
>   - your network is bound to have many more switches than routers, so
>     your polling and processing has to be fast to get through all of them
>     in the 30-minute window.
> 
> Having said all that, it's a solvable problem. As noted, please let me 
> know via private e-mail if you'd like to see my code.
> 
> --
> Glenn Forbes Fleming Larratt
> Cornell University IT Security Office
> 
> On Tue, 11 Apr 2006, stefano wrote:
> 
> 
>>Hi, sorry for my bad English; I know this and I'm working to make it
>>better. But here comes the question: I found this mailing list by reading the
>>previous thread talking about this argument (Getting ARP tables from Cisco
>>switches via snmp -- slightly OT) after a search on Google.
>>
>>I have to develop an identical application (that inserts into a DB the MAC,
>>the IP and, if possible, the switch port number), but I have a condition:
>>I have to develop this using a Java server, not Linux commands or
>>applications (not , but max portability, because some servers are Windows and
>>some are Unix; therefore I can't use snmpwalk or arptrace!). I must
>>implement this operation with Java APIs or with portable source code such as C
>>code.
>>
>>I've downloaded the AdventNet Java SNMP API package, and I can get a
>>variable from the MIB; for example, the OID 1.3.6.1.2.1.1.1.0 returns to me
>>the string value "Cisco Internetwork Operating System Software \r\nIOS (tm)
>>RSP Software (RSP-JSV-M), Version 12.0(9), RELEASE SOFTWARE
>>(fc1)\r\nCopyright (c) 1986-2000 by cisco Systems, Inc.\r\nCompiled Mon
>>24-Jan-00 23:15 by bettyl", so I can deduce that the APIs work fine. But if
>>I try to get a table, I receive a null pointer, and I don't know how I can do
>>this operation correctly.
>>
>>Can anyone help me?
>>
>>Here is the bad test code, working only with a single MIB variable:
>>
>>import com.adventnet.snmp.snmp2.*; // AdventNet low-level SNMP API
>>
>>public static void openSNMPSession() throws Exception
>>{
>>    System.out.println("ci2ao");
>>    SnmpAPI api = new SnmpAPI();
>>    SnmpSession session = new SnmpSession(api);
>>    session.open();
>>    SnmpPDU pdu = new SnmpPDU();
>>    pdu.setRemoteHost("141.108.5.4");
>>    pdu.setCommand(SnmpAPI.GET_REQ_MSG);
>>    pdu.addNull(new SnmpOID(".1.3.6.1.2.1.4.22")); // table OID: doesn't work
>>    //pdu.addNull(new SnmpOID(".1.3.6.1.2.1.1.1.0")); // single variable: works
>>    SnmpPDU response_pdu = session.syncSend(pdu);
>>    if (response_pdu == null)
>>    {
>>        System.out.println("The Request has timed out.");
>>    }
>>    else
>>    {
>>        System.out.println(response_pdu.printVarBinds());
>>        System.out.println("Errors: " + response_pdu.getError());
>>        System.out.println("Account: " + response_pdu.getCommunity() + "\n Ver "
>>            + response_pdu.getVariable(10));
>>    }
>>}
>>
> 

-- 
---------------------------------------------------------------------
The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
---------------------------------------------------------------------
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
---------------------------------------------------------------------
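
Added example (not code from any poster in this thread, and not AdventNet's): an SNMP GET answers only for an exact instance OID, so a GET on the table OID .1.3.6.1.2.1.4.22 yields no value, and the ARP table is instead read by repeating GETNEXT until the reply leaves the ipNetToMediaPhysAddress column, decoding ifIndex and IP from each returned OID. The agent is simulated with constructed data; `agent`, `walk_arp` and the struct names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
typedef struct { unsigned len, id[16]; const char *val; } varbind;
typedef struct { unsigned ifindex; char ip[16]; const char *mac; } arp_row;
/* Constructed agent contents (not from a real router), in lexicographic OID order. */
static const varbind mib[] = {
    { 9, {1,3,6,1,2,1,1,1,0},                     "constructed sysDescr" },
    {15, {1,3,6,1,2,1,4,22,1,2, 2, 192,0,2,10},   "00:00:5e:00:53:0a" },
    {15, {1,3,6,1,2,1,4,22,1,2, 2, 192,0,2,11},   "00:00:5e:00:53:0b" },
    {15, {1,3,6,1,2,1,4,22,1,2, 3, 198,51,100,7}, "00:00:5e:00:53:07" },
    { 9, {1,3,6,1,2,1,4,23,0},                    "0" },
};
#define MIB_N (sizeof mib / sizeof mib[0])
/* ipNetToMediaPhysAddress column; a row index is ifIndex followed by 4 IPv4 octets. */
static const unsigned COL[] = {1,3,6,1,2,1,4,22,1,2}; /* first 8 = table OID */
#define COL_N (sizeof COL / sizeof COL[0])
/* OIDs compare by numeric sub-identifier, then by length. */
static int oid_cmp(const unsigned *a, unsigned an, const unsigned *b, unsigned bn) {
    for (unsigned i = 0; i < an && i < bn; i++)
        if (a[i] != b[i]) return a[i] < b[i] ? -1 : 1;
    return an == bn ? 0 : (an < bn ? -1 : 1);
}
/* Hypothetical stand-in agent: next=0 is GET (exact instance), next=1 is GETNEXT. */
const varbind *agent(const unsigned *oid, unsigned n, int next) {
    for (unsigned i = 0; i < MIB_N; i++) {
        int c = oid_cmp(mib[i].id, mib[i].len, oid, n);
        if (next ? c > 0 : c == 0) return &mib[i];
    }
    return NULL;
}
/* Walk the column: repeat GETNEXT until the reply leaves the subtree. */
int walk_arp(arp_row *out, int max) {
    const varbind *vb = agent(COL, COL_N, 1);
    int n = 0;
    while (vb && n < max && vb->len == COL_N + 5 && !memcmp(vb->id, COL, sizeof COL)) {
        const unsigned *ix = vb->id + COL_N;
        out[n].ifindex = ix[0];
        snprintf(out[n].ip, sizeof out[n].ip, "%u.%u.%u.%u", ix[1], ix[2], ix[3], ix[4]);
        out[n++].mac = vb->val;
        vb = agent(vb->id, vb->len, 1);
    }
    return n;
}

int main(void) {
    arp_row r[8]; int n = walk_arp(r, 8);
    printf("GET .1.3.6.1.2.1.4.22 -> %s\n", agent(COL, 8, 0) ? "value" : "no such instance");
    for (int i = 0; i < n; i++) printf("if %u  %s  %s\n", r[i].ifindex, r[i].ip, r[i].mac);
    return 0;
}
```

With a real SNMP library the same loop applies: send GETNEXT with the last OID received and stop when the returned OID no longer starts with the column prefix.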

