Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Quick Question (http://www.velocityreviews.com/forums/t379549-quick-question.html)

inekam@gmail.com 11-03-2006 04:41 PM

Quick Question
 
Hello All

I have a little problem. I have a cat6000 and WS-X6348-RJ-45 connected.
I am trying to find out an ip or a mac for a specific port on that
switch. When i try to do "show cam dynamic 6/29" I get "Total Matching
CAM Entries Displayed =0" show port 6/29 shows me that its an active
connected port. Is there anyway i can find out a mac of the device on
that port or an ip.


Thank you


Walter Roberson 11-03-2006 08:43 PM

Re: Quick Question
 
In article <1162572075.849943.13120@h48g2000cwc.googlegroups. com>,
<inekam@gmail.com> wrote:

>I have a little problem. I have a cat6000 and WS-X6348-RJ-45 connected.
>I am trying to find out an ip or a mac for a specific port on that
>switch. When i try to do "show cam dynamic 6/29" I get "Total Matching
>CAM Entries Displayed =0" show port 6/29 shows me that its an active
>connected port. Is there anyway i can find out a mac of the device on
>that port or an ip.


If show cam dynamic does not show the MAC then the device has not
"recently" sent data through the port. Can you ping the device, or
reboot it, or otherwise prod it to use the network? If that isn't
practical, then you may wish to consider spanning the port
to another and using a program such as arpwatch or tcpdump
to monitor for the MAC.

inekam@gmail.com 11-03-2006 09:06 PM

Re: Quick Question
 

Walter Roberson wrote:
> In article <1162572075.849943.13120@h48g2000cwc.googlegroups. com>,
> <inekam@gmail.com> wrote:
>
> >I have a little problem. I have a cat6000 and WS-X6348-RJ-45 connected.
> >I am trying to find out an ip or a mac for a specific port on that
> >switch. When i try to do "show cam dynamic 6/29" I get "Total Matching
> >CAM Entries Displayed =0" show port 6/29 shows me that its an active
> >connected port. Is there anyway i can find out a mac of the device on
> >that port or an ip.

>
> If show cam dynamic does not show the MAC then the device has not
> "recently" sent data through the port. Can you ping the device, or
> reboot it, or otherwise prod it to use the network? If that isn't
> practical, then you may wish to consider spanning the port
> to another and using a program such as arpwatch or tcpdump
> to monitor for the MAC.


I see thanks. Is there way i can actualy ping a port? Because since i
have no idea where the device is with out tracing the wire i cant find
it. And i willl try span the port and just monitor it but thats still
pasif is there an active method. Can i flood the port with a request
dhcp or arp. Is there a way to flood a port?

Thanks againe


Walter Roberson 11-03-2006 09:58 PM

Re: Quick Question
 
In article <1162587988.305581.201810@e3g2000cwe.googlegroups. com>,
<inekam@gmail.com> wrote:
>
>Walter Roberson wrote:
>> In article <1162572075.849943.13120@h48g2000cwc.googlegroups. com>,
>> <inekam@gmail.com> wrote:


>> >I have a little problem. I have a cat6000 and WS-X6348-RJ-45 connected.
>> >I am trying to find out an ip or a mac for a specific port on that
>> >switch. When i try to do "show cam dynamic 6/29" I get "Total Matching
>> >CAM Entries Displayed =0" show port 6/29 shows me that its an active
>> >connected port. Is there anyway i can find out a mac of the device on
>> >that port or an ip.


>I see thanks. Is there way i can actualy ping a port?


Sorry, no.

>Because since i
>have no idea where the device is with out tracing the wire i cant find
>it. And i willl try span the port and just monitor it but thats still
>pasif is there an active method. Can i flood the port with a request
>dhcp or arp. Is there a way to flood a port?


Every broadcast or multicast packet is automatically flooded to every
port that is in the same VLAN. However, whether the device will
bother to respond is not under your remote control.

You could *try* pinging 255.255.255.255, or you could *try* sending
a UDP packet to the broadcast address of each subnet it might be on,
in hopes that the device will choose to respond to something, but
there is no certainty: even without any "firewall" at any level,
it is not uncommon for systems to only respond to traffic to their IP
(or their MAC.)

Does the device definitely have an IP address, in a known range
(even if the exact IP is unknown)? If so then you could
use any of a number of tools to sweep through the entire IP range,
trying an ICMP echo, and attempting a connection that "should"
either get a response or an ICMP unreachable message when you hit the
right IP.

nmap is a useful tool for these kinds of scans. Try first with -sP
(ping scan), then with -P0 -sU -p 35-39
whcih means "do not try ping first", "do a UDP scan" and "probe UDP ports
35-39". If you have root/admin access then you can
-P0 -sT -p 21,22,25,35-39,80 which is similar but TCP ports 21, 22, 25,
35-39, and 80.


inekam@gmail.com 11-06-2006 04:10 PM

Re: Quick Question
 
Thanks for the grate advice i will try your sugestions.

Walter Roberson wrote:
> In article <1162587988.305581.201810@e3g2000cwe.googlegroups. com>,
> <inekam@gmail.com> wrote:
> >
> >Walter Roberson wrote:
> >> In article <1162572075.849943.13120@h48g2000cwc.googlegroups. com>,
> >> <inekam@gmail.com> wrote:

>
> >> >I have a little problem. I have a cat6000 and WS-X6348-RJ-45 connected.
> >> >I am trying to find out an ip or a mac for a specific port on that
> >> >switch. When i try to do "show cam dynamic 6/29" I get "Total Matching
> >> >CAM Entries Displayed =0" show port 6/29 shows me that its an active
> >> >connected port. Is there anyway i can find out a mac of the device on
> >> >that port or an ip.

>
> >I see thanks. Is there way i can actualy ping a port?

>
> Sorry, no.
>
> >Because since i
> >have no idea where the device is with out tracing the wire i cant find
> >it. And i willl try span the port and just monitor it but thats still
> >pasif is there an active method. Can i flood the port with a request
> >dhcp or arp. Is there a way to flood a port?

>
> Every broadcast or multicast packet is automatically flooded to every
> port that is in the same VLAN. However, whether the device will
> bother to respond is not under your remote control.
>
> You could *try* pinging 255.255.255.255, or you could *try* sending
> a UDP packet to the broadcast address of each subnet it might be on,
> in hopes that the device will choose to respond to something, but
> there is no certainty: even without any "firewall" at any level,
> it is not uncommon for systems to only respond to traffic to their IP
> (or their MAC.)
>
> Does the device definitely have an IP address, in a known range
> (even if the exact IP is unknown)? If so then you could
> use any of a number of tools to sweep through the entire IP range,
> trying an ICMP echo, and attempting a connection that "should"
> either get a response or an ICMP unreachable message when you hit the
> right IP.
>
> nmap is a useful tool for these kinds of scans. Try first with -sP
> (ping scan), then with -P0 -sU -p 35-39
> whcih means "do not try ping first", "do a UDP scan" and "probe UDP ports
> 35-39". If you have root/admin access then you can
> -P0 -sT -p 21,22,25,35-39,80 which is similar but TCP ports 21, 22, 25,
> 35-39, and 80.




All times are GMT. The time now is 05:14 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.