Hello,
How can I find out which servers are connected to which ports on a Cisco 3550 switch?
I built an ARP table (pinged the servers).
What can I do to find out the mapping of MAC addresses to the switch ports? (sh int shows only the switch ports' own MAC addresses.)
Thank you
You only have to combine the ARP table from your router with the "show mac-address-table" output from your switch.
And fortunately there is a Perl script which will do this exact thing for you.
Find an MRTG mirror and find the /contrib/ folder.
Now get your hands on the file "cammer".
Read the cammer.readme.txt and off you go.
I run this Perl script every hour and use the output to fill a database. Now I can keep track of MAC addresses which pop up in my network (wanted and unwanted).
I have a dedicated "Network monitor" PC installed for this.
The Monitor-PC does two things.
1: MRTG, to get a graphical overview of my most important switches and connections.
2: Cammer, to get a hold of all the changes in my network.
Cammer runs every 15 minutes.
When a problem occurs (whatever the reason), I can check the global utilization of my important connections to see if Production is in danger, and when necessary, I can trace any MAC address back to its switchport.
I can even trace MAC addresses which do not use TCP/IP and are not validated (Laptops!!) by the Helpdesk.
It surprises people that I know where a malicious machine is without them logging in to my Domain.
The Network Monitoring PC is set up in such a way that there is no need to be logged in, so it runs stand-alone.
You can also do this 100% from the switch vs. pinging all of your hosts to gather the arp table. Just to add onto what PalmTable already posted. This is good for just looking up the mac and port of one or two devices. Here's how:
At your Switch# prompt type:
show ip arp | include ip.addy.you.need
ex, show ip arp | include 192.168.100.100
You will get back something like:
Internet 192.168.100.100 5 0010.1801.cc18 ARPA Vlan100
00:10:18:01:cc:18 is your MAC. Then at the Switch# prompt type in:
show mac-address-table | include last_4_of_mac
ex, show mac-address-table | include cc18
You will get back something like:
0010.1801.cc18 DYNAMIC Gi0/3
Your switchport, using my example, is Gi0/3
Works well for me when I need to look one up quickly, anyways...
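The same join done for every host at once, as an added Python example (not cammer and not code from any poster in this thread). The sample outputs are constructed from the two lines quoted above, and the function name correlate is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample output, modelled on the two lines quoted in the thread.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.100.100         5   0010.1801.cc18  ARPA   Vlan100
Internet  192.168.100.101        12   0010.1801.dd20  ARPA   Vlan100
Internet  192.168.100.1           -   0010.1801.0001  ARPA   Vlan100
"""
SAMPLE_CAM = """\
Vlan    Mac Address       Type        Ports
 100    0010.1801.cc18    DYNAMIC     Gi0/3
 100    0010.1801.dd20    DYNAMIC     Gi0/24
 100    0050.56aa.bb01    DYNAMIC     Gi0/24
 100    0050.56aa.bb02    DYNAMIC     Gi0/7
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+(?:\.\d+){{3}})\s+\S+\s+({MAC})\s", re.M | re.I)
# VLAN column is optional so the bare "MAC TYPE PORT" line from the thread also parses.
CAM_RE = re.compile(rf"^\s*(?:\S+\s+)?({MAC})\s+(\w+)\s+(\S+)\s*$", re.M | re.I)

def correlate(arp_text, cam_text):
    """Join ARP (IP -> MAC) with the MAC table (MAC -> port) on the MAC address."""
    ip_by_mac = {mac.lower(): ip for ip, mac in ARP_RE.findall(arp_text)}
    macs_by_port = defaultdict(list)
    for mac, _type, port in CAM_RE.findall(cam_text):
        macs_by_port[port].append(mac.lower())
    hosts, no_ip, shared_ports = {}, [], []
    for port, macs in macs_by_port.items():
        if len(macs) > 1:
            shared_ports.append(port)  # several devices behind it: uplink, hub, VM host
        for mac in macs:
            if mac in ip_by_mac:
                hosts[ip_by_mac[mac]] = (mac, port)
            else:
                no_ip.append((mac, port))  # learned by the switch, absent from ARP
    seen = {m for macs in macs_by_port.values() for m in macs}
    no_port = sorted(ip for mac, ip in ip_by_mac.items() if mac not in seen)
    return hosts, sorted(no_ip), sorted(shared_ports), no_port

if __name__ == "__main__":
    hosts, no_ip, shared, no_port = correlate(SAMPLE_ARP, SAMPLE_CAM)
    for ip, (mac, port) in sorted(hosts.items()):
        print(f"{ip:16} {mac}  {port}")
    print("no ARP entry:", no_ip, "| shared ports:", shared, "| no port:", no_port)
```

A host that maps to a port listed under shared ports is not necessarily plugged into that port; repeat the lookup on the device at the other end of it.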
So I took great interest in this post... now I have a question of my own.
As soon as I read the info about MRTG and Cammer, I jumped for joy. This is exactly what I've been looking for! I have MRTG working and getting SNMP info from both my host router and my Cat6500. However, I REALLY want to run cammer to monitor my ports. Being a Perl virgin, how in the name of Hades would I go about setting up cammer? I'm guessing I have to run it via MRTG somehow? Please help... I'm almost there!
You have MRTG up and running, which means that Perl is installed. To check this, type PERL -V in a Command Prompt (DOS Box).
Place your CAMMER file where you like it the most (e.g. d:\cammer\cammer).
For your convenience you can rename the file to CAMMER.PL.
Now create a batch file (.cmd) from which you run cammer.pl
It might look something like this:
---- begin cammer.cmd ----
@Echo off
Title Cammer MAC collector
perl d:\cammer\cammer.pl public@SwitchName public@RouterName >>MacAddresses.txt
---- end cammer.cmd ----
Of course you have to change the SNMP read community string (public) and fill in the DNS name or IP address of your Switch and Router.
When all is done you have a text file containing the information. I used the append function ( >> ) so I do not lose previous information.
You might want to (automatically) import this file in a Database.
Thanks PalmTest, I played around with cammer / MRTG yesterday. I can get the script to TRY to run, but it returns SNMP fetch errors. Do I have to set up anything in particular on the switch by way of SNMP traps? Also, I read a few posts elsewhere which suggest cammer will only work with certain switches. We are using a Catalyst 6550... any experience using it with one of those?
Be sure that your machine may ask SNMP questions to your Router and Switches.
Most of the time SNMP access is limited to Management Stations only.
Also be sure to use the correct SNMPReadCommunity string.
Check for ACLs preventing SNMP to/from your machine.