Problem
You need to extract the ARP table from one of your routers to determine the MAC address associated with a particular IP address or the IP address for a particular MAC address.
Solution
The script in Example 2-3, arpt.pl, extracts the ARP table for a specified router or IP address and displays the results to standard output. The script expects to find a hostname or IP address of a router on the command line.
Example 2-3. arpt.pl
#!/usr/local/bin/perl # # arpt.pl -- a script to extract the ARP cache from a router. # #Set behavour $snmpro="ORARO"; # $snmpwalk="/usr/local/bin/snmpwalk -v 1 -c $snmpro"; $snmpget="/usr/local/bin/snmpget -v 1 -c $snmpro"; chomp ($rtr=$ARGV[0]); if ( $rtr eq "" ) {die "$0: Must specify a router "}; @iftable=Q$snmpwalk $rtr ifDescrQ; for $ifnum (@iftable) { chomp (($intno, $intname) = split (/ = /, $ifnum)); $intno=~s/.*ifDescr.//; $intname=~s/"//gi; $arpint{$intno}=$intname; } printf ("%-22.22s %-10.10s %-25.25s ", Address, MAC, Interface); @atTable=Q$snmpwalk $rtr .1.3.6.1.2.1.3.1.1.1Q; for $atnum (@atTable) { chomp (($atip, $atint) = split (/ = /, $atnum)); $atip =~ s/.*atIfIndex.[0-9]+.1.//; $atphys=Q$snmpget $rtr atPhysAddress.$atint.1.$atipQ; chomp(($foo, $phys) = split(/: /, $atphys)); $phys=~s/ /-/gi; chop ($phys); $phys=~tr/A-Z/a-z/; $int=$arpint{$atint}; printf ("%-15.15s %17.17s %-25.25s ", $atip, $phys, $int); } |
Discussion
The arpt.pl script extracts the ARP table from a specific router using SNMP and displays it to standard output. The script requires Perl and NET-SNMP, and it expects to find both in the /usr/local/bin directory. For more information on Perl or NET-SNMP, please see Appendix A.
Before using the script, you need to set the SNMP read-only community string, which is contained in the variable $snmpro:
Freebsd% ./arpt.pl toronto Address MAC Interface 172.22.1.1 00-01-96-70-b7-81 FastEthernet0/1 172.22.1.2 00-01-96-70-b7-81 FastEthernet0/1 172.22.1.3 00-01-96-70-b7-81 FastEthernet0/1 172.25.1.1 00-10-4b-09-57-00 FastEthernet0/0.1 172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1 172.25.1.7 00-00-0c-92-bc-6a FastEthernet0/0.1 172.25.1.254 00-00-0c-07-ac-01 FastEthernet0/0.1 172.16.2.1 00-01-96-70-b7-80 FastEthernet0/0.2 172.16.2.22 00-00-0c-07-ac-00 FastEthernet0/0.2 Freebsd%
The script creates a simple report, including the IP address, MAC address, and interface name of each ARP entry. You can then use a search utility of some kind to locate specific devices by its IP or MAC address. For example, on a Unix server, you could pipe the output to the grep command, as follows:
Freebsd% ./arpt.pl toronto | grep 172.25.1.5 172.25.1.5 00-01-96-70-b7-80 FastEthernet0/0.1 Freebsd%
The ARP tables on large routers can be quite large, which can make locating a single ARP entry difficult. This script allows you to track down a particular device remotely. You could also use the grep utility to find the IP address of a particular known MAC address:
Freebsd% ./arpt.pl toronto | grep 00-10-4b-09-57-15 172.25.1.3 00-10-4b-09-57-15 FastEthernet0/0.1 Freebsd%
This script only queries open standard SNMP MIBS, so you can use it to extract ARP table information from almost any SNMP enabled device, even nonCisco equipment.
See Also
Appendix A
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index