Show who is connected to the fastEthernet port of catalyst 2950

Discussion in 'Cisco' started by ns, Oct 6, 2004.

  1. ns

    ns Guest

    Hi,

    By using Catalyst 2950-48, how it's possible to know ip address of host by
    giving the mac-address ?

    For the moment, i juste know the mac-address of network card connected to
    the specified port. For exemple :

    #sh mac-address-table
    40 0004.758a.549z DYNAMIC Fa0/1

    and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
    router (L3 Routing), so, no arp table on catalyst 2950.

    So, i need to report all ip address of hosts connected to the catalyst 2950.
    How can i do it ?

    Thank You very much for your help

    Best Regards
    NS
     
    ns, Oct 6, 2004
    #1
    1. Advertising

  2. ns

    Paul Kendall Guest

    I think you are looking for information that is not available in the 2950.
    the 2950 is a switch so is only aware of layer 2 protocols.

    You will have to work back to your router...You should simple be able to
    show arp on the router and cross-reference the MAC addresses in both devices
    to determine the information that you are looking for.

    I think you are right on the money with your command just on the wrong
    device. I just looked at our Router and Switches and was able to make the
    associations. you should be good to go.

    Let me know if that helps or not

    Paul Kendall.
    "ns" <> wrote in message news:...
    > Hi,
    >
    > By using Catalyst 2950-48, how it's possible to know ip address of host by
    > giving the mac-address ?
    >
    > For the moment, i juste know the mac-address of network card connected to
    > the specified port. For exemple :
    >
    > #sh mac-address-table
    > 40 0004.758a.549z DYNAMIC Fa0/1
    >
    > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is
    > not
    > router (L3 Routing), so, no arp table on catalyst 2950.
    >
    > So, i need to report all ip address of hosts connected to the catalyst
    > 2950.
    > How can i do it ?
    >
    > Thank You very much for your help
    >
    > Best Regards
    > NS
    >
    >
     
    Paul Kendall, Oct 6, 2004
    #2
    1. Advertising

  3. ns

    ED Guest

    sh ip route


    "ns" <> wrote in message
    news:...
    > Hi,
    >
    > By using Catalyst 2950-48, how it's possible to know ip address of
    > host by
    > giving the mac-address ?
    >
    > For the moment, i juste know the mac-address of network card connected
    > to
    > the specified port. For exemple :
    >
    > #sh mac-address-table
    > 40 0004.758a.549z DYNAMIC Fa0/1
    >
    > and "sh ip arp" don't gives the ip address, i suppose because my 2950
    > is not
    > router (L3 Routing), so, no arp table on catalyst 2950.
    >
    > So, i need to report all ip address of hosts connected to the catalyst
    > 2950.
    > How can i do it ?
    >
    > Thank You very much for your help
    >
    > Best Regards
    > NS
    >
    >
     
    ED, Oct 6, 2004
    #3
  4. ns

    Hansang Bae Guest

    In article <>, says...
    > Hi,
    >
    > By using Catalyst 2950-48, how it's possible to know ip address of host by
    > giving the mac-address ?
    >
    > For the moment, i juste know the mac-address of network card connected to
    > the specified port. For exemple :
    >
    > #sh mac-address-table
    > 40 0004.758a.549z DYNAMIC Fa0/1
    >
    > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
    > router (L3 Routing), so, no arp table on catalyst 2950.
    >
    > So, i need to report all ip address of hosts connected to the catalyst 2950.
    > How can i do it ?
    >
    > Thank You very much for your help


    You can't get L3 information from an L2 device. But if your management
    VLAN is in the same subnet as the users, ping the IPs from your switch
    and do a sho arp. Or you can do a "sho ip arp" from the router and
    match up the IP/MAC to the MAC on the switch.

    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Oct 6, 2004
    #4
  5. NS,
    Correct me if I am wrong group, but the 2950 I think does keep an
    ARP table, it just doesn't use the ARP entries for L2 switching. In
    theory, if the switch has an IP address and the device attached to the
    switch can successfully ping it, the switch should keep that devices
    IP address in it's ARP table until it ages out. I think the switch
    will only pick the device up in it's ARP table if you ping it directly
    and not just ping through it. This is obviously not the solution you
    were looking for, but if you were in a fix or something it might be
    possible to get that information from the switch.

    Good luck
    -Robert

    "ns" <> wrote in message news:<>...
    > Hi,
    >
    > By using Catalyst 2950-48, how it's possible to know ip address of host by
    > giving the mac-address ?
    >
    > For the moment, i juste know the mac-address of network card connected to
    > the specified port. For exemple :
    >
    > #sh mac-address-table
    > 40 0004.758a.549z DYNAMIC Fa0/1
    >
    > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
    > router (L3 Routing), so, no arp table on catalyst 2950.
    >
    > So, i need to report all ip address of hosts connected to the catalyst 2950.
    > How can i do it ?
    >
    > Thank You very much for your help
    >
    > Best Regards
    > NS
     
    Robert B. Phillips II, Oct 6, 2004
    #5
  6. ns

    ns Guest

    Hi,

    Thank your for your answer.

    i have multiples VLAN and i don't have router on the VLAN in question.
    i can get mac address from windows machine by pinging the hosts and run
    "arp -a" from windows.

    i need to find association between mac-address and ip address directly from
    switche 2950, and it's maybe not possible ! :(

    Thanks a lot ;)

    Best Regards
    NS


    "Paul Kendall" <> a écrit dans le message de
    news:l8V8d.77037$...
    > I think you are looking for information that is not available in the 2950.
    > the 2950 is a switch so is only aware of layer 2 protocols.
    >
    > You will have to work back to your router...You should simple be able to
    > show arp on the router and cross-reference the MAC addresses in both

    devices
    > to determine the information that you are looking for.
    >
    > I think you are right on the money with your command just on the wrong
    > device. I just looked at our Router and Switches and was able to make the
    > associations. you should be good to go.
    >
    > Let me know if that helps or not
    >
    > Paul Kendall.
    > "ns" <> wrote in message news:...
    > > Hi,
    > >
    > > By using Catalyst 2950-48, how it's possible to know ip address of host

    by
    > > giving the mac-address ?
    > >
    > > For the moment, i juste know the mac-address of network card connected

    to
    > > the specified port. For exemple :
    > >
    > > #sh mac-address-table
    > > 40 0004.758a.549z DYNAMIC Fa0/1
    > >
    > > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is
    > > not
    > > router (L3 Routing), so, no arp table on catalyst 2950.
    > >
    > > So, i need to report all ip address of hosts connected to the catalyst
    > > 2950.
    > > How can i do it ?
    > >
    > > Thank You very much for your help
    > >
    > > Best Regards
    > > NS
    > >
    > >

    >
    >
     
    ns, Oct 8, 2004
    #6
  7. ns

    ns Guest

    Hi,

    <sh ip route> is not implemented on 2950. it's used for L3.

    ThankYou

    NS

    "ED" <> a écrit dans le message de
    news:YaV8d.2167$Ua.836@trndny01...
    > sh ip route
    >
    >
    > "ns" <> wrote in message
    > news:...
    > > Hi,
    > >
    > > By using Catalyst 2950-48, how it's possible to know ip address of
    > > host by
    > > giving the mac-address ?
    > >
    > > For the moment, i juste know the mac-address of network card connected
    > > to
    > > the specified port. For exemple :
    > >
    > > #sh mac-address-table
    > > 40 0004.758a.549z DYNAMIC Fa0/1
    > >
    > > and "sh ip arp" don't gives the ip address, i suppose because my 2950
    > > is not
    > > router (L3 Routing), so, no arp table on catalyst 2950.
    > >
    > > So, i need to report all ip address of hosts connected to the catalyst
    > > 2950.
    > > How can i do it ?
    > >
    > > Thank You very much for your help
    > >
    > > Best Regards
    > > NS
    > >
    > >

    >
    >
     
    ns, Oct 8, 2004
    #7
  8. ns

    ns Guest

    Hi,

    i cannot ping ip address... because it's exactly what's i need to know !
    i have mac-address and i need to know ip address associated to this mac.

    And when i ping one host connected to the 2950, the <sh ip arp> don't print
    mac address of the host pingued !

    At the end, i need to know ip address of all the hosts connected to the
    2950.

    ThankYou very much
    NS


    "Hansang Bae" <> a écrit dans le message de
    news:...
    > In article <>, says...
    > > Hi,

    >
    > You can't get L3 information from an L2 device. But if your management
    > VLAN is in the same subnet as the users, ping the IPs from your switch
    > and do a sho arp. Or you can do a "sho ip arp" from the router and
    > match up the IP/MAC to the MAC on the switch.
    >
    > --
    >
    > hsb
    >
    > "Somehow I imagined this experience would be more rewarding" Calvin
    > *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    > ********************************************************************
    > Due to the volume of email that I receive, I may not not be able to
    > reply to emails sent to my account. Please post a followup instead.
    > ********************************************************************
     
    ns, Oct 8, 2004
    #8
  9. ns

    ns Guest

    Hi Robert,

    Exactly, i can print arp table of 2950 by running <sh ip arp> but the list
    is very small :)

    As i mentionned on the previous message,
    When i ping (FROM 2950) one host connected to the 2950, the <sh ip arp>
    don't print mac address of the host pingued !

    It's seem not possible to associate mac and ip address from switch 2950.
    I think that a only solution to do it is by hand :) (manually by using file
    listing mac-address...)

    My L3 switches and routers are connected to another networks, so, i can't
    have information from this hosts and routing is not enabled to access to the
    network provided by my 2950.

    ThankYou very much
    NS


    "Robert B. Phillips II" <> a écrit dans le message de
    news:...
    > NS,
    > Correct me if I am wrong group, but the 2950 I think does keep an
    > ARP table, it just doesn't use the ARP entries for L2 switching. In
    > theory, if the switch has an IP address and the device attached to the
    > switch can successfully ping it, the switch should keep that devices
    > IP address in it's ARP table until it ages out. I think the switch
    > will only pick the device up in it's ARP table if you ping it directly
    > and not just ping through it. This is obviously not the solution you
    > were looking for, but if you were in a fix or something it might be
    > possible to get that information from the switch.
    >
    > Good luck
    > -Robert
     
    ns, Oct 8, 2004
    #9
  10. In article <>, ns <> wrote:
    :And when i ping one host connected to the 2950, the <sh ip arp> don't print
    :mac address of the host pingued !

    :At the end, i need to know ip address of all the hosts connected to the
    :2950.

    The behaviour you are seeing is as expected. The 2950 only keeps
    arp entries for the devices that talk to the 2950 management layer;
    everything else is flow-through.

    Even if the 2950 was a layer 3 device (e.g., if you had a 3550 instead),
    you would still run into the difficulty that the arp table ages out
    entries in about 3 minutes [not exactly true for 'fast path' switching
    on Cisco routers: according to something I read earlier today, 'fast'
    switching randomly invalidates 20% of the ARP table every minute to
    compensate for the fact that the later packets in the flow bypass the
    processing that would update the ARP tables.] If you don't happen to
    catch the entry in that L3 device within the 3 minute window, then you
    won't be able to find the IP address by asking the L3 device. This
    is, as you have noticed, a big pain when you are trying to track
    down which IP belongs with which MAC.

    You have several possible avenues to proceed:

    1) send broadcast packets to all of your subnets from "beyond"
    the next L3 device [so that the responses flow through the L3 device],
    hope the devices all answer the broadcast, and then look at the ARP tables
    on the L3 device before the ARP entries. With this approach, you can't just
    ping [or whatever] from the near side of the L3 device, as the responses
    in that case will travel through the L2 switches path to get to you
    and will not be registered by the L3 device. But this depends on
    you having access to the L3 device and upon you being able to read
    out the entire ARP table before the responses time out and upon
    the device responding to your probe packet.

    2) SPAN or RSPAN all of the traffic going through the 2950 to a port,
    and have a device with monitoring software attached to that port that
    records MAC and IP addresses, such as by looking at ARP reply packets.
    time out. Be careful, though: I don't know about the 2950, but I have
    seen on some switches that when packets get spanned (or "mirrored")
    that the source MAC address might get replaced with the MAC address
    associated with the port you are spanning to. This mechanism
    should, though, be able to track the target host if it "talks" at all
    during the monitoring window.

    3) If you have reason to believe that all of the IP addresses you are
    trying to track down will be in the same subnet as you are, then you
    can attach monitoring software to any port on the 2950 that is in the
    same VLAN as the suspected target, and then have the monitoring
    host send a broadcast packet to that IP subnet. If the device is amongst
    those that respond, read the IP source out of the reply packet.
    But the device might not respond to your probe packet.

    4) If you have reason to believe that all of the IP addresses you are
    trying to track down will be in the same vlan as you are, then you
    can attach monitoring software to any port on the 2950 that is in
    that vlan and passively watch for ARP or other broadcast packets that
    originate from the target MAC and read out the IP addresses on those.
    This relies on the fact that the when a switch does not know which
    port a destination MAC is associated with, that it floods the packet
    to all ports in the same vlan, so anything you receive at the
    monitoring host will be a flooded packet such as a broadcast packet.
    This mechanism should be able to track the target host if it happens
    to send a broadcast packet during the monitoring window... which is
    likely but not always the case (e.g., servers that receive requests
    and reply within the ARP timeout period will know the target MAC
    from request packet, and so might never need to send out an ARP or
    other broadcast packet.)
    --
    Reviewers should be required to produce a certain number of
    negative reviews - like police given quotas for handing out
    speeding tickets. -- The Audio Anarchist
     
    Walter Roberson, Oct 8, 2004
    #10
  11. ns

    ns Guest

    Hi,

    Many Thanks for your answer

    Best Regards
    NS


    "Walter Roberson" <-cnrc.gc.ca> a écrit dans le message de
    news:ck6ms0$9t0$...
    > In article <>, ns <> wrote:
    > :And when i ping one host connected to the 2950, the <sh ip arp> don't

    print
    > :mac address of the host pingued !
    >
    > :At the end, i need to know ip address of all the hosts connected to the
    > :2950.
    >
    > The behaviour you are seeing is as expected. The 2950 only keeps
    > arp entries for the devices that talk to the 2950 management layer;
    > everything else is flow-through.
    >
    > Even if the 2950 was a layer 3 device (e.g., if you had a 3550 instead),
    > you would still run into the difficulty that the arp table ages out
    > entries in about 3 minutes [not exactly true for 'fast path' switching
    > on Cisco routers: according to something I read earlier today, 'fast'
    > switching randomly invalidates 20% of the ARP table every minute to
    > compensate for the fact that the later packets in the flow bypass the
    > processing that would update the ARP tables.] If you don't happen to
    > catch the entry in that L3 device within the 3 minute window, then you
    > won't be able to find the IP address by asking the L3 device. This
    > is, as you have noticed, a big pain when you are trying to track
    > down which IP belongs with which MAC.
    >
    > You have several possible avenues to proceed:
    >
    > 1) send broadcast packets to all of your subnets from "beyond"
    > the next L3 device [so that the responses flow through the L3 device],
    > hope the devices all answer the broadcast, and then look at the ARP tables
    > on the L3 device before the ARP entries. With this approach, you can't

    just
    > ping [or whatever] from the near side of the L3 device, as the responses
    > in that case will travel through the L2 switches path to get to you
    > and will not be registered by the L3 device. But this depends on
    > you having access to the L3 device and upon you being able to read
    > out the entire ARP table before the responses time out and upon
    > the device responding to your probe packet.
    >
    > 2) SPAN or RSPAN all of the traffic going through the 2950 to a port,
    > and have a device with monitoring software attached to that port that
    > records MAC and IP addresses, such as by looking at ARP reply packets.
    > time out. Be careful, though: I don't know about the 2950, but I have
    > seen on some switches that when packets get spanned (or "mirrored")
    > that the source MAC address might get replaced with the MAC address
    > associated with the port you are spanning to. This mechanism
    > should, though, be able to track the target host if it "talks" at all
    > during the monitoring window.
    >
    > 3) If you have reason to believe that all of the IP addresses you are
    > trying to track down will be in the same subnet as you are, then you
    > can attach monitoring software to any port on the 2950 that is in the
    > same VLAN as the suspected target, and then have the monitoring
    > host send a broadcast packet to that IP subnet. If the device is amongst
    > those that respond, read the IP source out of the reply packet.
    > But the device might not respond to your probe packet.
    >
    > 4) If you have reason to believe that all of the IP addresses you are
    > trying to track down will be in the same vlan as you are, then you
    > can attach monitoring software to any port on the 2950 that is in
    > that vlan and passively watch for ARP or other broadcast packets that
    > originate from the target MAC and read out the IP addresses on those.
    > This relies on the fact that the when a switch does not know which
    > port a destination MAC is associated with, that it floods the packet
    > to all ports in the same vlan, so anything you receive at the
    > monitoring host will be a flooded packet such as a broadcast packet.
    > This mechanism should be able to track the target host if it happens
    > to send a broadcast packet during the monitoring window... which is
    > likely but not always the case (e.g., servers that receive requests
    > and reply within the ARP timeout period will know the target MAC
    > from request packet, and so might never need to send out an ARP or
    > other broadcast packet.)
    > --
    > Reviewers should be required to produce a certain number of
    > negative reviews - like police given quotas for handing out
    > speeding tickets. -- The Audio Anarchist
     
    ns, Oct 12, 2004
    #11
  12. ns

    Jean Morin Guest

    "ns" <> wrote in message news:<>...
    > Hi,
    >
    > By using Catalyst 2950-48, how it's possible to know ip address of host by
    > giving the mac-address ?
    >
    > For the moment, i juste know the mac-address of network card connected to
    > the specified port. For exemple :
    >
    > #sh mac-address-table
    > 40 0004.758a.549z DYNAMIC Fa0/1
    >
    > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is not
    > router (L3 Routing), so, no arp table on catalyst 2950.
    >
    > So, i need to report all ip address of hosts connected to the catalyst 2950.
    > How can i do it ?
    >
    > Thank You very much for your help
    >
    > Best Regards
    > NS


    Don't know if this off topic but here goes:

    I had the same problem until I installed a Linux box (Fedora) to run a
    variety of scripts on my network (MRTG traffic per port switch and
    such) and I installed ARPWATCH to do exactly what you require.

    Just issue a yum install arpwatch on a configured Linux Fedora box
    and you will start to get emails as soon as new MACs are added (you
    will also get the IP address). Don't forget to do a service arpwatch
    start and a chkconfig arpwatch on so it will restart automatically
    if Linux reboots.

    I wrote a Perl script that reads all the ports of all the switches on
    my network every 5 minutes and builds up a rough web page with who is
    connected to what port (MAC, IP and reverse lookup on the IP address).
    I use the /var/arpwatch/arp.dat- file to do my stuff.

    If you need help, let me know.
     
    Jean Morin, Oct 18, 2004
    #12
  13. ns

    ns Guest

    Thank You very much for your message.
    I will try ARPWATCH !! I have Linux REDHAT. i hope that arpwatch can be
    installed under Redhat

    Many thanks a gain.

    Best Regards
    NS

    >
    > I had the same problem until I installed a Linux box (Fedora) to run a
    > variety of scripts on my network (MRTG traffic per port switch and
    > such) and I installed ARPWATCH to do exactly what you require.
    >
    > Just issue a yum install arpwatch on a configured Linux Fedora box
    > and you will start to get emails as soon as new MACs are added (you
    > will also get the IP address). Don't forget to do a service arpwatch
    > start and a chkconfig arpwatch on so it will restart automatically
    > if Linux reboots.
    >
    > I wrote a Perl script that reads all the ports of all the switches on
    > my network every 5 minutes and builds up a rough web page with who is
    > connected to what port (MAC, IP and reverse lookup on the IP address).
    > I use the /var/arpwatch/arp.dat- file to do my stuff.
    >
    > If you need help, let me know.
     
    ns, Oct 18, 2004
    #13
  14. ns

    ns Guest

    Hi Jean,

    Can y ou tell me where can i find documentation to install ARPWATCH please ?

    Thanks a lot

    Best Regards
    NS


    "Jean Morin" <> a écrit dans le message de
    news:...
    > "ns" <> wrote in message

    news:<>...
    > > Hi,
    > >
    > > By using Catalyst 2950-48, how it's possible to know ip address of host

    by
    > > giving the mac-address ?
    > >
    > > For the moment, i juste know the mac-address of network card connected

    to
    > > the specified port. For exemple :
    > >
    > > #sh mac-address-table
    > > 40 0004.758a.549z DYNAMIC Fa0/1
    > >
    > > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is

    not
    > > router (L3 Routing), so, no arp table on catalyst 2950.
    > >
    > > So, i need to report all ip address of hosts connected to the catalyst

    2950.
    > > How can i do it ?
    > >
    > > Thank You very much for your help
    > >
    > > Best Regards
    > > NS

    >
    > Don't know if this off topic but here goes:
    >
    > I had the same problem until I installed a Linux box (Fedora) to run a
    > variety of scripts on my network (MRTG traffic per port switch and
    > such) and I installed ARPWATCH to do exactly what you require.
    >
    > Just issue a yum install arpwatch on a configured Linux Fedora box
    > and you will start to get emails as soon as new MACs are added (you
    > will also get the IP address). Don't forget to do a service arpwatch
    > start and a chkconfig arpwatch on so it will restart automatically
    > if Linux reboots.
    >
    > I wrote a Perl script that reads all the ports of all the switches on
    > my network every 5 minutes and builds up a rough web page with who is
    > connected to what port (MAC, IP and reverse lookup on the IP address).
    > I use the /var/arpwatch/arp.dat- file to do my stuff.
    >
    > If you need help, let me know.
     
    ns, Oct 18, 2004
    #14
  15. On 18.10.2004 16:49 ns wrote:

    > Hi Jean,
    >
    > Can y ou tell me where can i find documentation to install ARPWATCH please ?
    >
    > Thanks a lot
    >


    fetch the package at ftp://ftp.ee.lbl.gov/arpwatch.tar.gz. There is a
    description included.




    Arnold
    --
    Arnold Nipper, AN45
     
    Arnold Nipper, Oct 18, 2004
    #15
  16. ns

    ns Guest

    I gunzip file, i complied and make file...

    I find new file on /etc/log.d

    But, the config seem not clear ?!

    Thanks a lot

    "Arnold Nipper" <> a écrit dans le message de
    news:cl0lfg$v0o$...
    > On 18.10.2004 16:49 ns wrote:
    >
    > > Hi Jean,
    > >
    > > Can y ou tell me where can i find documentation to install ARPWATCH

    please ?
    > >
    > > Thanks a lot
    > >

    >
    > fetch the package at ftp://ftp.ee.lbl.gov/arpwatch.tar.gz. There is a
    > description included.
    >
    >
    >
    >
    > Arnold
    > --
    > Arnold Nipper, AN45
     
    ns, Oct 18, 2004
    #16
  17. ns

    Jean Morin Guest

    "ns" <> wrote in message news:<>...
    > Hi Jean,
    >
    > Can y ou tell me where can i find documentation to install ARPWATCH please ?
    >
    > Thanks a lot
    >
    > Best Regards
    > NS
    >
    >


    You could simply download the rpm from

    http://rpmfind.net/linux/rpm2html/search.php?query=arpwatch&submit=Search ...
    (sometimes rpmfind is quite busy)

    *For example*, you could issue:
    cd /tmp
    wget ftp://rpmfind.net/linux/redhat/updates/9/en/os/i386/arpwatch-2.1a11-7.9.1.i386.rpm

    then
    rpm -Uhv arpwatch-2.1a11-7.9.1.i386.rpm

    Let RPM do its magic ! :)

    You need to make sure you can send emails with your Linux box (try
    mail ). You can change to whom the messages are sent to
    by modifying the /etc/sysconfig/arpwatch filewith your favorite
    editor

    Or by changing the /etc/aliases file (add root: at the
    end)

    Finally, type
    service arpwatch start (to start the daemon)
    chkconfig arpwatch on (to make sure it restarts when Linux
    restarts)

    If you have more questions, please feel free to ask!

    Jean.


    > "Jean Morin" <> a écrit dans le message de
    > news:...
    > > "ns" <> wrote in message

    > news:<>...
    > > > Hi,
    > > >
    > > > By using Catalyst 2950-48, how it's possible to know ip address of host

    > by
    > > > giving the mac-address ?
    > > >
    > > > For the moment, i juste know the mac-address of network card connected

    > to
    > > > the specified port. For exemple :
    > > >
    > > > #sh mac-address-table
    > > > 40 0004.758a.549z DYNAMIC Fa0/1
    > > >
    > > > and "sh ip arp" don't gives the ip address, i suppose because my 2950 is

    > not
    > > > router (L3 Routing), so, no arp table on catalyst 2950.
    > > >
    > > > So, i need to report all ip address of hosts connected to the catalyst

    > 2950.
    > > > How can i do it ?
    > > >
    > > > Thank You very much for your help
    > > >
    > > > Best Regards
    > > > NS

    > >
    > > Don't know if this off topic but here goes:
    > >
    > > I had the same problem until I installed a Linux box (Fedora) to run a
    > > variety of scripts on my network (MRTG traffic per port switch and
    > > such) and I installed ARPWATCH to do exactly what you require.
    > >
    > > Just issue a yum install arpwatch on a configured Linux Fedora box
    > > and you will start to get emails as soon as new MACs are added (you
    > > will also get the IP address). Don't forget to do a service arpwatch
    > > start and a chkconfig arpwatch on so it will restart automatically
    > > if Linux reboots.
    > >
    > > I wrote a Perl script that reads all the ports of all the switches on
    > > my network every 5 minutes and builds up a rough web page with who is
    > > connected to what port (MAC, IP and reverse lookup on the IP address).
    > > I use the /var/arpwatch/arp.dat- file to do my stuff.
    > >
    > > If you need help, let me know.
     
    Jean Morin, Oct 20, 2004
    #17
  18. ns

    ns Guest

    Thank You very much Jean for your help.

    i will do it.

    Best Regards
    NS

    "Jean Morin" <> a écrit dans le message de
    news:...
    > "ns" <> wrote in message

    news:<>...
    > > Hi Jean,
    > >
    > > Can y ou tell me where can i find documentation to install ARPWATCH

    please ?
    > >
    > > Thanks a lot
    > >
    > > Best Regards
    > > NS
    > >
    > >

    >
    > You could simply download the rpm from
    >
    >

    http://rpmfind.net/linux/rpm2html/search.php?query=arpwatch&submit=Search ...
    > (sometimes rpmfind is quite busy)
    >
    > *For example*, you could issue:
    > cd /tmp
    > wget

    ftp://rpmfind.net/linux/redhat/updates/9/en/os/i386/arpwatch-2.1a11-7.9.1.i386.rpm
    >
    > then
    > rpm -Uhv arpwatch-2.1a11-7.9.1.i386.rpm
    >
    > Let RPM do its magic ! :)
    >
    > You need to make sure you can send emails with your Linux box (try
    > mail ). You can change to whom the messages are sent to
    > by modifying the /etc/sysconfig/arpwatch filewith your favorite
    > editor
    >
    > Or by changing the /etc/aliases file (add root: at the
    > end)
    >
    > Finally, type
    > service arpwatch start (to start the daemon)
    > chkconfig arpwatch on (to make sure it restarts when Linux
    > restarts)
    >
    > If you have more questions, please feel free to ask!
    >
    > Jean.
    >
    >
    > > "Jean Morin" <> a écrit dans le message de
    > > news:...
    > > > "ns" <> wrote in message

    > > news:<>...
    > > > > Hi,
    > > > >
    > > > > By using Catalyst 2950-48, how it's possible to know ip address of

    host
    > > by
    > > > > giving the mac-address ?
    > > > >
    > > > > For the moment, i juste know the mac-address of network card

    connected
    > > to
    > > > > the specified port. For exemple :
    > > > >
    > > > > #sh mac-address-table
    > > > > 40 0004.758a.549z DYNAMIC Fa0/1
    > > > >
    > > > > and "sh ip arp" don't gives the ip address, i suppose because my

    2950 is
    > > not
    > > > > router (L3 Routing), so, no arp table on catalyst 2950.
    > > > >
    > > > > So, i need to report all ip address of hosts connected to the

    catalyst
    > > 2950.
    > > > > How can i do it ?
    > > > >
    > > > > Thank You very much for your help
    > > > >
    > > > > Best Regards
    > > > > NS
    > > >
    > > > Don't know if this off topic but here goes:
    > > >
    > > > I had the same problem until I installed a Linux box (Fedora) to run a
    > > > variety of scripts on my network (MRTG traffic per port switch and
    > > > such) and I installed ARPWATCH to do exactly what you require.
    > > >
    > > > Just issue a yum install arpwatch on a configured Linux Fedora box
    > > > and you will start to get emails as soon as new MACs are added (you
    > > > will also get the IP address). Don't forget to do a service arpwatch
    > > > start and a chkconfig arpwatch on so it will restart automatically
    > > > if Linux reboots.
    > > >
    > > > I wrote a Perl script that reads all the ports of all the switches on
    > > > my network every 5 minutes and builds up a rough web page with who is
    > > > connected to what port (MAC, IP and reverse lookup on the IP address).
    > > > I use the /var/arpwatch/arp.dat- file to do my stuff.
    > > >
    > > > If you need help, let me know.
     
    ns, Oct 21, 2004
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Dmitry
    Replies:
    0
    Views:
    3,638
    Dmitry
    Apr 1, 2004
  2. Tobias
    Replies:
    8
    Views:
    752
    Erik Tamminga
    Jun 17, 2004
  3. Pawel
    Replies:
    1
    Views:
    622
  4. Stefan Finzel
    Replies:
    2
    Views:
    682
    Thrill5
    May 15, 2009
  5. Neddy
    Replies:
    8
    Views:
    1,730
    Doug McIntyre
    May 27, 2009
Loading...

Share This Page