Host tracking on Cisco switch/routers using perl script

Discussion in 'Cisco' started by PeperG, Feb 7, 2007.

  1. PeperG

    PeperG Guest

    I am trying to set up a way to track the host on my network using a
    Perl script. I don't want to telnet in to the device using
    Net::Telnet::Cisco. I am thinking using Net::SNMP and the ro community
    string will be a bit more secure. Anyone have any good pointers or
    experience doing this on CatOS and IOS devices?

    Peper
     
    PeperG, Feb 7, 2007
    #1

  2. What kind of host tracking did you want to do?
    I did some things up in a mix of perl and ksh to do the kinds
    of tracking that -I- needed, but different people have different
    ideas about what's important.

    In some ways, the code is quite straightforward: send a probe,
    record the response in a data structure, repeat, and at the end
    interpret the data combinations into printable format.

    On the other hand, the code isn't quite so straightforward, because
    of an important factor that you will seldom find documented:

    SNMP agents lie. Repeatedly.

    Thus it takes a non-trivial amount of experience with networks and SNMP
    to figure out what the agents are lying about, how to get around
    the lies, and how to best account for the inconsistencies that you
    will find in the data structures.

    If you have more financial budget than time budget, I'd recommend
    obtaining a pre-written tool. You -can- write the tools "free",
    but the time investment required is fairly noticeable -- not "huge"
    but not "just a couple of days" either.


    You will likely find, by the way, that the best way to proceed is
    to fetch the OIDs and just record the responses, as quickly as you
    can (so that you get the most consistent view of what was happening
    at a particular time); and only after you have recorded the responses
    do you proceed to the parsing and data analysis phase. If you record
    the raw SNMP responses before analysis, then you will later be able to
    go back and do other kinds of analysis. For example, if you want
    a report on all the ports that are acting like trunk ports (darn
    user-installed switches!), and then you want a report on the VLAN
    setup of the switches, you don't want to have to have it go back
    and rescan all the switches: you want to be able to make use of
    anything you already happened to record. And when you are tracking
    wayward systems, you want to be able to track timing patterns to
    give you a better idea of who is using the system. And so on.
    Record once, analyze repeatedly.
     
    Walter Roberson, Feb 8, 2007
    #2
  3. http://www.cc-lan.fraunhofer.de/projekte/tirith/
     
    Danick Veenstra, Feb 8, 2007
    #3
  4. PeperG

    PeperG Guest

    What I am thinking to start is to use the OID on the router to pull
    the arp table from the core routers and then use the OID on the switch
    to pull the cam table. Once I have them I want to then mesh them
    ignoring the trunk ports for now to come up with a report that will
    show me an IP, MAC, Switch, Switch Port. I don't have the expenses to
    buy something and there are things that I want to later build upon it
    like pulling information out of our asset db to get machine names,
    locations on the floor and stuff like that.

    Any assistance or if someone would like to mentor a budding script
    writer I would greatly appreciate any assistance.

    Peper
     
    PeperG, Feb 8, 2007
    #4
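
The ARP/CAM merge described in post #4, run over saved raw responses as post #2 recommends; this is an added example, not code posted by anyone in the thread. The sample records, the "device oid value" record format and the MAC-count threshold used to skip trunk ports are constructed assumptions; the OIDs are the standard ipNetToMediaPhysAddress, dot1dTpFdbPort, dot1dBasePortIfIndex and ifName columns.

```perl
use strict;
use warnings;
# Constructed sample records ("device oid value"), as saved at collection time.
my @raw = split /\n/, <<'END';
core1 1.3.6.1.2.1.4.22.1.2.10.192.0.2.11 00:11:22:33:44:55
core1 1.3.6.1.2.1.4.22.1.2.10.192.0.2.12 00:11:22:33:44:66
sw1 1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 3
sw1 1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.102 24
sw1 1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.119 24
sw1 1.3.6.1.2.1.17.1.4.1.2.3 10003
sw1 1.3.6.1.2.1.17.1.4.1.2.24 10024
sw1 1.3.6.1.2.1.31.1.1.1.1.10003 Fa0/3
sw1 1.3.6.1.2.1.31.1.1.1.1.10024 Gi0/1
END

my %OID = (
    arp    => '1.3.6.1.2.1.4.22.1.2',    # ipNetToMediaPhysAddress (router ARP table)
    fdb    => '1.3.6.1.2.1.17.4.3.1.2',  # dot1dTpFdbPort (CAM table: MAC -> bridge port)
    brport => '1.3.6.1.2.1.17.1.4.1.2',  # dot1dBasePortIfIndex (bridge port -> ifIndex)
    ifname => '1.3.6.1.2.1.31.1.1.1.1',  # ifName (ifIndex -> port name)
);
my $MAX_MACS = 1;    # assumed threshold: a port with more MACs is treated as a trunk
my (%ips_of, %fdb, %ifindex, %ifname);
for my $line (@raw) {
    my ($dev, $oid, $val) = split ' ', $line, 3;
    if ($oid =~ /^\Q$OID{arp}\E\.\d+\.(\d+\.\d+\.\d+\.\d+)$/) {
        push @{ $ips_of{lc $val} }, $1;              # index is ifIndex.IP, value is MAC
    } elsif ($oid =~ /^\Q$OID{fdb}\E\.((?:\d+\.){5}\d+)$/) {
        my $mac = join ':', map { sprintf '%02x', $_ } split /\./, $1;
        push @{ $fdb{$dev}{$val} }, $mac;            # index is the MAC as six decimals
    } elsif ($oid =~ /^\Q$OID{brport}\E\.(\d+)$/) {
        $ifindex{$dev}{$1} = $val;
    } elsif ($oid =~ /^\Q$OID{ifname}\E\.(\d+)$/) {
        $ifname{$dev}{$1} = $val;
    }
}

for my $dev (sort keys %fdb) {                       # report: IP, MAC, switch, port
    for my $bport (sort { $a <=> $b } keys %{ $fdb{$dev} }) {
        my @macs = @{ $fdb{$dev}{$bport} };
        next if @macs > $MAX_MACS;                   # ignore likely trunk/uplink ports
        my $idx  = $ifindex{$dev}{$bport};
        my $port = defined $idx ? ($ifname{$dev}{$idx} // "ifIndex $idx") : "bridge port $bport";
        for my $mac (@macs) {
            my $ips = join ',', @{ $ips_of{$mac} || ['(no ARP entry)'] };
            printf "%-15s %-17s %-6s %s\n", $ips, $mac, $dev, $port;
        }
    }
}
```

On Catalyst switches the BRIDGE-MIB tables are kept per VLAN, so the collection step has to walk them once for each VLAN before a merge like this sees every MAC.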