[unisog] getting the Arp Table from a router with Java API or C application

PaulFM paulfm at me.umn.edu
Wed Apr 12 16:41:24 GMT 2006

Check out neo, and see if it does what you need:


Glenn Forbes Fleming Larratt wrote:
> I can't really help with the Java/C coding, but I developed installations 
> along these lines in Perl on a Solaris system (using shell calls to
> the CMU SNMP suite of utilities; I actually found that faster than using
> an SNMP Perl module). You're welcome to have a look at my code if you 
> wish; please e-mail me offline if you'd like a copy.
> Getting the MAC<->switchport mappings is significantly more difficult than
> getting the ARP tables, for a variety of reasons:
>   - different manufacturers, and even different switches from the same
>     manufacturer, will have the information stored in different places
>     in the MIB, and slightly differently-formatted SNMP queries to
>     get the information out;
>   - you probably want to have some method of sorting out (either on the
>     back end or the front end) whether a particular MAC address appearing
>     on a particular switch port means (a) the end node is using that
>     port as its edge uplink, or (b) the port in question feeds a further
>     switch or network of switches.
>   - Cisco routers cache ARP information for (I think) 4 hours by default,
>     while Cisco switches tend to cache switch table information for (again,
>     I think) 30 minutes, so you'd need to poll more frequently; I've
>     seen Extreme switches, for example, that only cached switch table
>     information for 5 minutes.
>   - your network is bound to have many more switches than routers, so
>     your polling and processing has to be fast to get through all of them
>     in the 30-minute window.
> Having said all that, it's a solvable problem. As noted, please let me 
> know via private e-mail if you'd like to see my code.
> --
> Glenn Forbes Fleming Larratt
> Cornell University IT Security Office
> On Tue, 11 Apr 2006, stefano wrote:
>>Hi, sorry for my bad English, I know this and I'm working to make it 
>>better.. but here comes the question: I found this mailing list by reading the 
>>previous thread about this topic (Getting ARP tables from Cisco 
>>switches via snmp -- slightly OT ) after a search on Google..
>>I have to develop an *identical* application (that inserts in a DB the *MAC*, 
>>the *IP* and if possible the switch port number..) but I have a condition: 
>>I have to develop this using a Java server, not Linux commands or 
>>applications (not , but max portability, because some servers are Windows and 
>>some are Unix, therefore *_I can't use snmpwalk or arptrace!!_*); I must 
>>implement this operation with *JavaAPIs* or with portable source code as a *C 
>>I've downloaded the *Adventnet java SNMP API* package, and I can get a 
>>variable from the MIB, for example the OID / returns to me 
>>the string value /"Cisco Internetwork Operating System Software \r\nIOS (tm) 
>>RSP Software (RSP-JSV-M), Version 12.0(9), RELEASE SOFTWARE 
>>(fc1)\r\nCopyright (c) 1986-2000 by cisco Systems, Inc.\r\nCompiled Mon 
>>24-Jan-00 23:15 by bettyl"/ so I can deduce that the APIs work fine. But if 
>>I try to get a table, I receive a null pointer, and I don't know how I can do 
>>this operation correctly.
>>*Can anyone help me?*
>>Here is the bad test code working only with a single MIB variable:
>>public static void openSNMPSession() throws Exception
>>  {
>>      System.out.println("ci2ao");
>>      SnmpAPI api = new SnmpAPI();
>>      SnmpSession session = new SnmpSession(api);
>>      session.open();
>>      SnmpPDU pdu = new SnmpPDU();
>>      pdu.setRemoteHost("");
>>      pdu.setCommand(SnmpAPI.GET_REQ_MSG);
>>      pdu.addNull(new SnmpOID(".")); //doesn't work
>>      //pdu.addNull(new SnmpOID("//. /")); work
>>      SnmpPDU response_pdu = session.syncSend(pdu);
>>      if(response_pdu == null)
>>      {
>>          System.out.println("The Request has timed out.");
>>      }
>>      else
>>      {
>>          System.out.println(response_pdu.printVarBinds());
>>          System.out.println("Errors: "+response_pdu.getError());
>>          System.out.println("Account: "+response_pdu.getCommunity()+"\n Ver 
>>      }
>>  }

The views and opinions expressed above are strictly
those of the author(s).  The content of this message has
not been reviewed nor approved by any entity whatsoever.
Paul F. Markfort   Info/Web: http://www.menet.umn.edu/~paulfm
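
Added example, not part of the original messages and not AdventNet code: a GET only answers for an exact instance OID, so a table such as the ARP table (ipNetToMediaPhysAddress, 1.3.6.1.2.1.4.22.1.2, indexed by ifIndex and IP address) has to be read with repeated GETNEXT requests until the returned OID leaves the column. The agent here is a constructed in-memory map standing in for the router; with a real SNMP library the `higherEntry` call would be one GETNEXT request, and the class and helper names are hypothetical.

```java
import java.util.*;

public class ArpWalkExample {
    // ipNetToMediaPhysAddress column; instance OIDs append ifIndex.a.b.c.d
    static final int[] COLUMN = {1, 3, 6, 1, 2, 1, 4, 22, 1, 2};

    static boolean inSubtree(int[] oid, int[] root) {
        return oid.length > root.length
            && Arrays.equals(Arrays.copyOf(oid, root.length), root);
    }

    // Repeated GETNEXT starting at the column OID; stop when the agent
    // answers with an OID outside the column (next column or end of MIB).
    static List<String> walkArp(NavigableMap<int[], byte[]> agent) {
        List<String> rows = new ArrayList<>();
        int n = COLUMN.length;
        int[] cursor = COLUMN;
        while (true) {
            Map.Entry<int[], byte[]> next = agent.higherEntry(cursor); // simulated GETNEXT
            if (next == null || !inSubtree(next.getKey(), COLUMN)) break;
            int[] oid = next.getKey();
            byte[] mac = next.getValue();
            if (oid.length == n + 5 && mac.length == 6) { // skip malformed rows
                String ip = oid[n + 1] + "." + oid[n + 2] + "." + oid[n + 3] + "." + oid[n + 4];
                StringJoiner hex = new StringJoiner(":");
                for (byte b : mac) hex.add(String.format("%02x", b & 0xff));
                rows.add("ifIndex=" + oid[n] + " ip=" + ip + " mac=" + hex);
            }
            cursor = oid;
        }
        return rows;
    }

    static int[] instance(int column, int ifIndex, int a, int b, int c, int d) {
        return new int[] {1, 3, 6, 1, 2, 1, 4, 22, 1, column, ifIndex, a, b, c, d};
    }

    public static void main(String[] args) {
        // Constructed sample agent: OIDs sorted lexicographically, as GETNEXT requires.
        NavigableMap<int[], byte[]> agent = new TreeMap<>((x, y) -> Arrays.compare(x, y));
        agent.put(new int[] {1, 3, 6, 1, 2, 1, 1, 1, 0}, "constructed sysDescr".getBytes());
        agent.put(instance(2, 1, 192, 0, 2, 10), new byte[] {0x00, 0x11, 0x22, 0x33, 0x44, 0x55});
        agent.put(instance(2, 2, 192, 0, 2, 20), new byte[] {0x02, 0x00, 0x5e, 0x10, 0x00, 0x01});
        agent.put(instance(3, 1, 192, 0, 2, 10), new byte[] {(byte) 192, 0, 2, 10}); // next column
        // A GET needs an exact instance OID, so asking for the column itself finds nothing.
        System.out.println("GET on column OID -> " + agent.get(COLUMN));
        walkArp(agent).forEach(System.out::println);
    }
}
```

Requires Java 9 or later for `Arrays.compare`, whose lexicographic ordering matches the OID ordering an agent uses to answer GETNEXT.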
