Host tracking on Cisco switch/routers using perl script

Discussion in 'Cisco' started by PeperG, Feb 7, 2007.

  1. PeperG

    PeperG Guest

    I am trying to set up a way to track the host on my network using a
    Perl script. I don't want to telnet in to the device using
    Net::Telnet::Cisco. I am thinking using Net::SNMP and the ro community
    string will be a bit more secure. Anyone have any good pointers or
    experience doing this on CatOS and IOS devices?

    Peper
     
    PeperG, Feb 7, 2007
    #1

  2. PeperG wrote:
    >I am trying to set up a way to track the host on my network using a
    >Perl script. I don't want to telnet in to the device using
    >Net::Telnet::Cisco. I am thinking using Net::SNMP and the ro community
    >string will be a bit more secure. Anyone have any good pointers or
    >experience doing this on CatOS and IOS devices?


    What kind of host tracking did you want to do?
    I did some things up in a mix of perl and ksh to do the kinds
    of tracking that -I- needed, but different people have different
    ideas about what's important.

    In some ways, the code is quite straightforward: send a probe,
    record the response in a data structure, repeat, and at the end
    interpret the data combinations into printable format.

    On the other hand, the code isn't quite so straightforward, because
    of an important factor that you will seldom find documented:

    SNMP agents lie. Repeatedly.

    Thus it takes a non-trivial amount of experience with networks and SNMP
    to figure out what the agents are lying about, how to get around
    the lies, and how to best account for the inconsistencies that you
    will find in the data structures.

    If you have more financial budget than time budget, I'd recommend
    obtaining a pre-written tool. You -can- write the tools "free",
    but the time investment required is fairly noticeable -- not "huge"
    but not "just a couple of days" either.


    You will likely find, by the way, that the best way to proceed is
    to fetch the OIDs and just record the responses, as quickly as you
    can (so that you get the most consistent view of what was happening
    at a particular time); and only after you have recorded the responses
    do you proceed to the parsing and data analysis phase. If you record
    the raw SNMP responses before analysis, then you will later be able to
    go back and do other kinds of analysis. For example, if you want
    a report on all the ports that are acting like trunk ports (darn
    user-installed switches!), and then you want a report on the VLAN
    setup of the switches, you don't want to have to have it go back
    and rescan all the switches: you want to be able to make use of
    anything you already happened to record. And when you are tracking
    wayward systems, you want to be able to track timing patterns to
    give you a better idea of who is using the system. And so on.
    Record once, analyze repeatedly.
     
    Walter Roberson, Feb 8, 2007
    #2

  3. On Wed, 07 Feb 2007 14:15:15 -0800, PeperG wrote:

    > I am trying to set up a way to track the host on my network using a
    > Perl script. I don't want to telnet in to the device using
    > Net::Telnet::Cisco. I am thinking using Net::SNMP and the ro community
    > string will be a bit more secure. Anyone have any good pointers or
    > experience doing this on CatOS and IOS devices?
    >
    > Peper



    http://www.cc-lan.fraunhofer.de/projekte/tirith/
     
    Danick Veenstra, Feb 8, 2007
    #3
  4. PeperG

    PeperG Guest

    On Feb 7, 7:18 pm, Walter Roberson wrote:
    > PeperG wrote:
    > >I am trying to set up a way to track the host on my network using a
    > >Perl script. I don't want to telnet in to the device using
    > >Net::Telnet::Cisco. I am thinking using Net::SNMP and the ro community
    > >string will be a bit more secure. Anyone have any good pointers or
    > >experience doing this on CatOS and IOS devices?

    >
    > What kind of host tracking did you want to do?
    > I did some things up in a mix of perl and ksh to do the kinds
    > of tracking that -I- needed, but different people have different
    > ideas about what's important.
    >
    > In some ways, the code is quite straightforward: send a probe,
    > record the response in a data structure, repeat, and at the end
    > interpret the data combinations into printable format.
    >
    > On the other hand, the code isn't quite so straightforward, because
    > of an important factor that you will seldom find documented:
    >
    > SNMP agents lie. Repeatedly.
    >
    > Thus it takes a non-trivial amount of experience with networks and SNMP
    > to figure out what the agents are lying about, how to get around
    > the lies, and how to best account for the inconsistencies that you
    > will find in the data structures.
    >
    > If you have more financial budget than time budget, I'd recommend
    > obtaining a pre-written tool. You -can- write the tools "free",
    > but the time investment required is fairly noticeable -- not "huge"
    > but not "just a couple of days" either.
    >
    > You will likely find, by the way, that the best way to proceed is
    > to fetch the OIDs and just record the responses, as quickly as you
    > can (so that you get the most consistent view of what was happening
    > at a particular time); and only after you have recorded the responses
    > do you proceed to the parsing and data analysis phase. If you record
    > the raw SNMP responses before analysis, then you will later be able to
    > go back and do other kinds of analysis. For example, if you want
    > a report on all the ports that are acting like trunk ports (darn
    > user-installed switches!), and then you want a report on the VLAN
    > setup of the switches, you don't want to have to have it go back
    > and rescan all the switches: you want to be able to make use of
    > anything you already happened to record. And when you are tracking
    > wayward systems, you want to be able to track timing patterns to
    > give you a better idea of who is using the system. And so on.
    > Record once, analyze repeatedly.


    What I am thinking to start is to use the OID on the router to pull
    the ARP table from the core routers and then use the OID on the switch
    to pull the CAM table. Once I have them, I want to then mesh them,
    ignoring the trunk ports for now, to come up with a report that will
    show me an IP, MAC, Switch, Switch Port. I don't have the expenses to
    buy something and there are things that I want to later build upon it,
    like pulling information out of our asset db to get machine names,
    locations on the floor and stuff like that.

    Any assistance or if someone would like to mentor a budding script
    writer I would greatly appreciate any assistance.

    Peper
     
    PeperG, Feb 8, 2007
    #4
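
The ARP/CAM join described in post #4, run over responses recorded first as post #2 advises, as an added example that is not code from anyone in this thread. The recording format, device names, addresses and the trunk threshold are constructed assumptions; the four OIDs are the standard MIB-II, BRIDGE-MIB and IF-MIB columns.

```perl
use strict; use warnings;
# Standard MIB columns; the index carried in each OID suffix is noted at right.
my %COL = (
    arp    => '1.3.6.1.2.1.4.22.1.2',    # ipNetToMediaPhysAddress.<ifIndex>.<ip>
    fdb    => '1.3.6.1.2.1.17.4.3.1.2',  # dot1dTpFdbPort.<mac as 6 decimals>
    bport  => '1.3.6.1.2.1.17.1.4.1.2',  # dot1dBasePortIfIndex.<bridge port>
    ifname => '1.3.6.1.2.1.31.1.1.1.1',  # ifName.<ifIndex>
);
my $TRUNK_MACS = 2;  # assumption: more MACs than this on one port = trunk/uplink
# Constructed recording, "device oid value" per line, saved before any analysis.
my @raw = map { [ split ' ', $_, 3 ] } grep { /\S/ } split /\n/, <<'END';
core-rtr 1.3.6.1.2.1.4.22.1.2.1.10.0.0.21 00:16:3e:00:00:15
core-rtr 1.3.6.1.2.1.4.22.1.2.1.10.0.0.22 00:16:3E:00:00:16
core-rtr 1.3.6.1.2.1.4.22.1.2.1.10.0.0.99 00:16:3e:00:00:63
sw1 1.3.6.1.2.1.17.4.3.1.2.0.22.62.0.0.21 5
sw1 1.3.6.1.2.1.17.4.3.1.2.0.22.62.0.0.22 6
sw1 1.3.6.1.2.1.17.4.3.1.2.0.22.62.0.0.161 25
sw1 1.3.6.1.2.1.17.4.3.1.2.0.22.62.0.0.162 25
sw1 1.3.6.1.2.1.17.4.3.1.2.0.22.62.0.0.163 25
sw1 1.3.6.1.2.1.17.1.4.1.2.5 10005
sw1 1.3.6.1.2.1.17.1.4.1.2.6 10006
sw1 1.3.6.1.2.1.31.1.1.1.1.10005 Fa0/5
END

my (%arp, %fdb, %bport, %ifname, %placed);
for my $r (@raw) {
    my ($dev, $oid, $val) = @$r;
    if ($oid =~ /^\Q$COL{arp}\E\.\d+\.(\d+(?:\.\d+){3})$/) {
        $arp{lc $val} = $1;                      # MAC -> IP
    } elsif ($oid =~ /^\Q$COL{fdb}\E\.(\d+(?:\.\d+){5})$/) {
        my $mac = join ':', map { sprintf '%02x', $_ } split /\./, $1;
        $fdb{$dev}{$mac} = $val;                 # MAC -> bridge port
    } elsif ($oid =~ /^\Q$COL{bport}\E\.(\d+)$/) {
        $bport{$dev}{$1} = $val;                 # bridge port -> ifIndex
    } elsif ($oid =~ /^\Q$COL{ifname}\E\.(\d+)$/) {
        $ifname{$dev}{$1} = $val;                # ifIndex -> port name
    }
}
for my $dev (sort keys %fdb) {
    my %n; $n{$_}++ for values %{ $fdb{$dev} };  # MACs seen per bridge port
    for my $mac (sort keys %{ $fdb{$dev} }) {
        my $bp = $fdb{$dev}{$mac};
        next if $n{$bp} > $TRUNK_MACS;           # ignore likely trunk ports
        my $if   = $bport{$dev}{$bp} // '?';     # table gaps are reported, not fatal
        my $port = $ifname{$dev}{$if} // "ifIndex $if";
        printf "%-10s %s %s %s\n", $arp{$mac} // 'no-arp', $mac, $dev, $port;
        $placed{$mac} = 1;
    }
}
print "unplaced: $arp{$_} $_\n" for grep { !$placed{$_} } sort keys %arp;
```

On Cisco switches the BRIDGE-MIB tables are kept per VLAN, so with SNMPv1/v2c the recording step has to walk them once per VLAN using community string indexing (`community@vlan`).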