Determining an IP address' port on a Catalyst 4006?

Discussion in 'Cisco' started by Chris, Jan 15, 2007.

  1. Chris

    Chris Guest

    I'm not quite sure how to phrase this question, but I'll give it a try
    anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    8.1(2). There are about 200 active ports in each chassis, with very
    little documentation as to what is plugged in to where. I've done the
    best I can using things like "sh cam dyn" and tools like nmap in terms
    of matching MAC addresses to devices on the network, but there are a
    few devices I'm struggling with.

    What would *really* help me is if there was a way for CatOS to "sniff"
    the destination IP address of a certain port. For example, I don't know
    what port 2/2 is:

    CAT4000-1> (enable) sh cam dyn 2/2
    * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
    Entry.
    X = Port Security Entry $ = Dot1x Security Entry

    VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
    Type]
    ---- ------------------ -----
    -------------------------------------------
    1 00-0f-20-32-11-80 2/2 [ALL]

    and I can't seem to find that MAC address anywhere in the network. Is
    there any way that CatOS can pull the destination IP address of data
    headed to that MAC, which may give me the IP address of whatever device
    is connected to port 2/2?

    Thanks,


    Chris
     
    Chris, Jan 15, 2007
    #1
    1. Advertising

  2. In article <>,
    Chris <> wrote:
    >I'm not quite sure how to phrase this question, but I'll give it a try
    >anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    >8.1(2).


    >CAT4000-1> (enable) sh cam dyn 2/2


    >1 00-0f-20-32-11-80 2/2 [ALL]


    >and I can't seem to find that MAC address anywhere in the network. Is
    >there any way that CatOS can pull the destination IP address of data
    >headed to that MAC, which may give me the IP address of whatever device
    >is connected to port 2/2?


    If I recall correctly, you can use CatOS to mirror the traffic
    from 2/2 over to another port (that you would have a sniffer listening on.)
     
    Walter Roberson, Jan 15, 2007
    #2
    1. Advertising

  3. Chris

    Guest

    Chris wrote:
    > I'm not quite sure how to phrase this question, but I'll give it a try
    > anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    > 8.1(2). There are about 200 active ports in each chassis, with very
    > little documentation as to what is plugged in to where. I've done the
    > best I can using things like "sh cam dyn" and tools like nmap in terms
    > of matching MAC addresses to devices on the network, but there are a
    > few devices I'm struggling with.
    >
    > What would *really* help me is if there was a way for CatOS to "sniff"
    > the destination IP address of a certain port. For example, I don't know
    > what port 2/2 is:
    >
    > CAT4000-1> (enable) sh cam dyn 2/2
    > * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
    > Entry.
    > X = Port Security Entry $ = Dot1x Security Entry
    >
    > VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
    > Type]
    > ---- ------------------ -----
    > -------------------------------------------
    > 1 00-0f-20-32-11-80 2/2 [ALL]
    >
    > and I can't seem to find that MAC address anywhere in the network. Is
    > there any way that CatOS can pull the destination IP address of data
    > headed to that MAC, which may give me the IP address of whatever device
    > is connected to port 2/2?
    >
    > Thanks,
    >
    >
    > Chris


    If you have a PC or router on the same VLAN you can use any scanner
    to ping (say) all ip addresses on the VLAN.

    you then look at your APR cache.

    Windows arp -a.
     
    , Jan 15, 2007
    #3
  4. Chris

    AM Guest

    Chris wrote:

    Is
    > there any way that CatOS can pull the destination IP address of data
    > headed to that MAC, which may give me the IP address of whatever device
    > is connected to port 2/2?


    To see where a MAC is use the following

    show cam dynamic | include <mod>/<port>

    To forward the traffic of a VLAN or port to a specific port use SPAN

    switch-4006> (enable) set span ?
    disable Disable port monitoring
    <mod/port> Source module and port numbers
    <vlan> Source VLAN numbers
    switch-4006> (enable) set span 1 ?
    <mod/port> Destination module and port numbers
    switch-4006> (enable) set span 1 3/34 ?
    both Both receiving and transmitting traffic
    create Creating new SPAN session
    filter Monitor traffic on selected vlans
    inpkts Enable/disable destination port incoming packets
    learning Enable/disable MAC address learning
    rx Receiving traffic
    tx Transmitting traffic
    <cr>
    switch-4006> (enable) set span 1 3/34

    HTH Alex.
     
    AM, Jan 16, 2007
    #4
  5. Chris

    Guest

    Chris wrote:
    > I'm not quite sure how to phrase this question, but I'll give it a try
    > anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    > 8.1(2). There are about 200 active ports in each chassis, with very
    > little documentation as to what is plugged in to where. I've done the
    > best I can using things like "sh cam dyn" and tools like nmap in terms
    > of matching MAC addresses to devices on the network, but there are a
    > few devices I'm struggling with.
    >
    > What would *really* help me is if there was a way for CatOS to "sniff"
    > the destination IP address of a certain port. For example, I don't know
    > what port 2/2 is:
    >
    > CAT4000-1> (enable) sh cam dyn 2/2
    > * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
    > Entry.
    > X = Port Security Entry $ = Dot1x Security Entry
    >
    > VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
    > Type]
    > ---- ------------------ -----
    > -------------------------------------------
    > 1 00-0f-20-32-11-80 2/2 [ALL]
    >
    > and I can't seem to find that MAC address anywhere in the network. Is
    > there any way that CatOS can pull the destination IP address of data
    > headed to that MAC, which may give me the IP address of whatever device
    > is connected to port 2/2?
    >
    > Thanks,
    >
    >
    > Chris


    You just need the IP address of the device that's on port 2/2? Is
    there a router that's routing traffic for the subnet that the host is
    in? If so (and if you have access to the router) all you need to do is
    go to the router and look at the arp table. On the router you would
    want to use the following command:

    sh ip arp | incl 000f.2032.1180

    Notice that the format of the MAC address is slightly different between
    CatOS and IOS.

    [example]
    router#sh ip arp | incl 0017.c2a9.2a49
    Internet 192.168.49.107 102 0017.c2a9.2a49 ARPA
    FastEthernet0/0.49

    If you don't have access to the router, can you put a laptop on another
    switch port (in the same vlan) and ping all the IP addresses in that
    subnet? Then look at the arp table on the laptop and see if you find
    your MAC address. Hope this helps.

    -Dan
     
    , Jan 16, 2007
    #5
  6. Chris

    moizs Guest

    >From the MAC address it looks like an HP device... dunno if that helps


    Chris wrote:
    > I'm not quite sure how to phrase this question, but I'll give it a try
    > anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    > 8.1(2). There are about 200 active ports in each chassis, with very
    > little documentation as to what is plugged in to where. I've done the
    > best I can using things like "sh cam dyn" and tools like nmap in terms
    > of matching MAC addresses to devices on the network, but there are a
    > few devices I'm struggling with.
    >
    > What would *really* help me is if there was a way for CatOS to "sniff"
    > the destination IP address of a certain port. For example, I don't know
    > what port 2/2 is:
    >
    > CAT4000-1> (enable) sh cam dyn 2/2
    > * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
    > Entry.
    > X = Port Security Entry $ = Dot1x Security Entry
    >
    > VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
    > Type]
    > ---- ------------------ -----
    > -------------------------------------------
    > 1 00-0f-20-32-11-80 2/2 [ALL]
    >
    > and I can't seem to find that MAC address anywhere in the network. Is
    > there any way that CatOS can pull the destination IP address of data
    > headed to that MAC, which may give me the IP address of whatever device
    > is connected to port 2/2?
    >
    > Thanks,
    >
    >
    > Chris
     
    moizs, Jan 17, 2007
    #6
  7. Chris

    moizs Guest

    Chris wrote:
    > I'm not quite sure how to phrase this question, but I'll give it a try
    > anyhow. I inherited a pair of Catalyst 4006s, both running CatOS
    > 8.1(2). There are about 200 active ports in each chassis, with very
    > little documentation as to what is plugged in to where. I've done the
    > best I can using things like "sh cam dyn" and tools like nmap in terms
    > of matching MAC addresses to devices on the network, but there are a
    > few devices I'm struggling with.
    >
    > What would *really* help me is if there was a way for CatOS to "sniff"
    > the destination IP address of a certain port. For example, I don't know
    > what port 2/2 is:
    >
    > CAT4000-1> (enable) sh cam dyn 2/2
    > * = Static Entry. + = Permanent Entry. # = System Entry. R = Router
    > Entry.
    > X = Port Security Entry $ = Dot1x Security Entry
    >
    > VLAN Dest MAC/Route Des [CoS] Destination Ports or VCs / [Protocol
    > Type]
    > ---- ------------------ -----
    > -------------------------------------------
    > 1 00-0f-20-32-11-80 2/2 [ALL]
    >
    > and I can't seem to find that MAC address anywhere in the network. Is
    > there any way that CatOS can pull the destination IP address of data
    > headed to that MAC, which may give me the IP address of whatever device
    > is connected to port 2/2?
    >
    > Thanks,
    >
    >
    > Chris



    >From the MAC address it looks like an HP device... dunno if that helps


    Rgds
    Moiz
     
    moizs, Jan 17, 2007
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Rob
    Replies:
    1
    Views:
    600
  2. IHateSpam

    bootp on catalyst 4006 sup II ?

    IHateSpam, Mar 2, 2004, in forum: Cisco
    Replies:
    1
    Views:
    571
    Craig Johnson
    Mar 2, 2004
  3. AM
    Replies:
    1
    Views:
    1,727
  4. Catalyst_user

    TFTP from a Cisco Catalyst 4006 problem

    Catalyst_user, Mar 17, 2005, in forum: Cisco
    Replies:
    5
    Views:
    784
    Hansang Bae
    Mar 22, 2005
  5. Catalyst_user
    Replies:
    3
    Views:
    7,476
    migrieb
    Nov 22, 2006
Loading...

Share This Page