Pix arp table... (was: HP procurve network scan...)

[fozzy]

Hello forum,
I'm trying to get mactrack to work in an HP network environment.. the main problem is i seem to be unable to get the router part to work... a 9304 is running as L3 switch but i can't get any ip address information. The L2 switches report their known mac addresses correctly.

Has anybody used this device before in mactrack?

Any hint would be appreciated.

Thank you, Luca

[fozzy]

the 9300 hasnothing to do with it... default gateway is a pix...
have to look at this...

thanks.

Luca

[fozzy]

so the problem was the 9304 isn't fdefault gateway.. teh DG is pix firewall... but th epix doesn't return iptomedia via snmp... (running 6.3(5))

I'm thinking about getting the arp contents via a telnet and "sh arp" and then throwing the contents on the server somehow and read them via SNMP...

anybody done this before?

Thank you again, Luca

[fabio]

Hi Luca,

you can check the MIBs supported exactly for your Cisco product and the IOS or sw image in the following link:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Forget me if you already knew this.

Regards,

Fabian.

[fabio]

Hi Luca,

try with RFC1213 MIB, atTable (Address Translation Table).

Nevertheless I cannot get the correlation between ARP tables of my routers and firewalls and MAC tables of my switches with the MAC IP Report. Do yo know if I am missing something?

Best regards,

Fabian.

[TheWitness]

Fabian,

Can you do a GotoMeeting. I would like to see this myself.

TheWitness
(author of MacTrack)

[fabio]

Hi TheWitness,

I don't know what is GotoMeeting, is it an application?

If you want I can give you access to my cacti via http directly from Internet.

Thank you for your attention.

Regards,

Fabian.

[TheWitness]

If you have a Windows box, goto the link below. I will be waiting...

TheWitness

Please join my meeting at
https://www.gotomeeting.com/join/472280666
Conference Call: Dial (563) 843-7010, access code 472-280-666
Meeting ID: 472-280-666

GoToMeeting(TM)
Online Meetings Made Easy

[fozzy]

Hello Fabian thanks for your answer, unluckily the atTable is not available at all....

Luca

[fabio]

You are right, I checked it with TheWitness, damned PIX !

Cheers,

Fabian.

[TheWitness]

Can you ssh a command on the PIX and return the values that way?

Thewitness

[fozzy]

yes, i was thinking of something like that, having the output of a sh arp (which works), made by the linux machine, in some SNMP table.... not sure how to do it... is it possible?

Luca

[fabio]

Hi Luca,

it is possible, of course, even though I haven't made scripts different than snmp_queries, but there are lot of examples in the template/scripts area.

If you get it, don't forget to upload it to this topic, some of us would be very thankful.

Best regards,

Fabian.

[fozzy]

i will have a look there

thank you.

Luca

[TheWitness]

you would either have to write the script to run "rsh" or "ssh" to the pix and then echo/print back the arp table using the script. That information would then be returned via php in an array if using the "file" command and "ssh" wrappers, or via a file descriptor if using the popen method.

Before going down the file method, make sure that PHP has a valid ssh wrapper in PHP version 5.1.x and above. I don't plan on ever supporting PHP 4.x.

TheWitness

Here are the ssh2 wrappers:

http://us2.php.net/manual/en/wrappers.ssh2.php

Here is the file command:

http://us2.php.net/manual/en/function.file.php

Here is the popen command:

http://us2.php.net/manual/en/function.popen.php

There are lot's of coding examples. Have fun. When you are done, I will integrate into the overall package.