«

I'm not quite sure how to phrase this question, but I'll give it a try
anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
8.1(2). There are about 200 active ports in each chassis, with very
little documentation as to what is plugged in to where. I've done the
best I can using things like "sh cam dyn" and tools like nmap in terms
of matching MAC addresses to devices on the network, but there are a
few devices I'm struggling with.

What would *really* help me is if there was a way for CatOS to "sniff"
the destination IP address of a certain port. For example, I don't know
what port 2/2 is:

CAT4000-1> (enable) sh cam dyn 2/2
* = Static Entry. + = Permanent Entry. # = System Entry. R = Router
Entry.
X = Port Security Entry $ = Dot1x Security Entry

VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
Type]
---- ------------------ -----
-------------------------------------------
1 00-0f-20-32-11-80 2/2 [ALL]

and I can't seem to find that MAC address anywhere in the network. Is
there any way that CatOS can pull the destination IP address of data
headed to that MAC, which may give me the IP address of whatever device
is connected to port 2/2?

Thanks,


Chris

In article < om>,
Chris <> wrote:
>I'm not quite sure how to phrase this question, but I'll give it a try
>anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
>8.1(2).

>CAT4000-1> (enable) sh cam dyn 2/2

>1 00-0f-20-32-11-80 2/2 [ALL]

>and I can't seem to find that MAC address anywhere in the network. Is
>there any way that CatOS can pull the destination IP address of data
>headed to that MAC, which may give me the IP address of whatever device
>is connected to port 2/2?

If I recall correctly, you can use CatOS to mirror the traffic
from 2/2 over to another port (that you would have a sniffer listening on.)

Chris wrote:
> I'm not quite sure how to phrase this question, but I'll give it a try
> anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
> 8.1(2). There are about 200 active ports in each chassis, with very
> little documentation as to what is plugged in to where. I've done the
> best I can using things like "sh cam dyn" and tools like nmap in terms
> of matching MAC addresses to devices on the network, but there are a
> few devices I'm struggling with.
>
> What would *really* help me is if there was a way for CatOS to "sniff"
> the destination IP address of a certain port. For example, I don't know
> what port 2/2 is:
>
> CAT4000-1> (enable) sh cam dyn 2/2
> * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
> Entry.
> X = Port Security Entry $ = Dot1x Security Entry
>
> VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
> Type]
> ---- ------------------ -----
> -------------------------------------------
> 1 00-0f-20-32-11-80 2/2 [ALL]
>
> and I can't seem to find that MAC address anywhere in the network. Is
> there any way that CatOS can pull the destination IP address of data
> headed to that MAC, which may give me the IP address of whatever device
> is connected to port 2/2?
>
> Thanks,
>
>
> Chris

If you have a PC or router on the same VLAN you can use any scanner
to ping (say) all ip addresses on the VLAN.

you then look at your APR cache.

Windows arp -a.

Chris wrote:

Is
> there any way that CatOS can pull the destination IP address of data
> headed to that MAC, which may give me the IP address of whatever device
> is connected to port 2/2?

To see where a MAC is use the following

show cam dynamic | include <mod>/<port>

To forward the traffic of a VLAN or port to a specific port use SPAN

switch-4006> (enable) set span ?
disable Disable port monitoring
<mod/port> Source module and port numbers
<vlan> Source VLAN numbers
switch-4006> (enable) set span 1 ?
<mod/port> Destination module and port numbers
switch-4006> (enable) set span 1 3/34 ?
both Both receiving and transmitting traffic
create Creating new SPAN session
filter Monitor traffic on selected vlans
inpkts Enable/disable destination port incoming packets
learning Enable/disable MAC address learning
rx Receiving traffic
tx Transmitting traffic
<cr>
switch-4006> (enable) set span 1 3/34

HTH Alex.

Chris wrote:
> I'm not quite sure how to phrase this question, but I'll give it a try
> anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
> 8.1(2). There are about 200 active ports in each chassis, with very
> little documentation as to what is plugged in to where. I've done the
> best I can using things like "sh cam dyn" and tools like nmap in terms
> of matching MAC addresses to devices on the network, but there are a
> few devices I'm struggling with.
>
> What would *really* help me is if there was a way for CatOS to "sniff"
> the destination IP address of a certain port. For example, I don't know
> what port 2/2 is:
>
> CAT4000-1> (enable) sh cam dyn 2/2
> * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
> Entry.
> X = Port Security Entry $ = Dot1x Security Entry
>
> VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
> Type]
> ---- ------------------ -----
> -------------------------------------------
> 1 00-0f-20-32-11-80 2/2 [ALL]
>
> and I can't seem to find that MAC address anywhere in the network. Is
> there any way that CatOS can pull the destination IP address of data
> headed to that MAC, which may give me the IP address of whatever device
> is connected to port 2/2?
>
> Thanks,
>
>
> Chris

You just need the IP address of the device that's on port 2/2? Is
there a router that's routing traffic for the subnet that the host is
in? If so (and if you have access to the router) all you need to do is
go to the router and look at the arp table. On the router you would
want to use the following command:

sh ip arp | incl 000f.2032.1180

Notice that the format of the MAC address is slightly different between
CatOS and IOS.

[example]
router#sh ip arp | incl 0017.c2a9.2a49
Internet 192.168.49.107 102 0017.c2a9.2a49 ARPA
FastEthernet0/0.49

If you don't have access to the router, can you put a laptop on another
switch port (in the same vlan) and ping all the IP addresses in that
subnet? Then look at the arp table on the laptop and see if you find
your MAC address. Hope this helps.

-Dan

>From the MAC address it looks like an HP device... dunno if that helps


Chris wrote:
> I'm not quite sure how to phrase this question, but I'll give it a try
> anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
> 8.1(2). There are about 200 active ports in each chassis, with very
> little documentation as to what is plugged in to where. I've done the
> best I can using things like "sh cam dyn" and tools like nmap in terms
> of matching MAC addresses to devices on the network, but there are a
> few devices I'm struggling with.
>
> What would *really* help me is if there was a way for CatOS to "sniff"
> the destination IP address of a certain port. For example, I don't know
> what port 2/2 is:
>
> CAT4000-1> (enable) sh cam dyn 2/2
> * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
> Entry.
> X = Port Security Entry $ = Dot1x Security Entry
>
> VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
> Type]
> ---- ------------------ -----
> -------------------------------------------
> 1 00-0f-20-32-11-80 2/2 [ALL]
>
> and I can't seem to find that MAC address anywhere in the network. Is
> there any way that CatOS can pull the destination IP address of data
> headed to that MAC, which may give me the IP address of whatever device
> is connected to port 2/2?
>
> Thanks,
>
>
> Chris

Chris wrote:
> I'm not quite sure how to phrase this question, but I'll give it a try
> anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
> 8.1(2). There are about 200 active ports in each chassis, with very
> little documentation as to what is plugged in to where. I've done the
> best I can using things like "sh cam dyn" and tools like nmap in terms
> of matching MAC addresses to devices on the network, but there are a
> few devices I'm struggling with.
>
> What would *really* help me is if there was a way for CatOS to "sniff"
> the destination IP address of a certain port. For example, I don't know
> what port 2/2 is:
>
> CAT4000-1> (enable) sh cam dyn 2/2
> * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
> Entry.
> X = Port Security Entry $ = Dot1x Security Entry
>
> VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
> Type]
> ---- ------------------ -----
> -------------------------------------------
> 1 00-0f-20-32-11-80 2/2 [ALL]
>
> and I can't seem to find that MAC address anywhere in the network. Is
> there any way that CatOS can pull the destination IP address of data
> headed to that MAC, which may give me the IP address of whatever device
> is connected to port 2/2?
>
> Thanks,
>
>
> Chris


>From the MAC address it looks like an HP device... dunno if that helps

Rgds
Moiz