SNMP - get complete Mac table in one call - snmp

For my project I need to download the MAC table from a switch and do it as fast as possible. The official solution is kind of slow. It requires getting a list of all VLANs and, for each one, triggering a separate call of snmpwalk with OID=.1.3.6.1.2.1.17.4.3.1.1 and the community string indexed with the VLAN number. It can take a significant amount of time, since the number of VLANs on our switches ranges in the tens.
Is there a way to get all MAC addresses from the MAC table at once (some special community index representing all available VLAN indexes)?
Thanks in advance..

I think BRIDGE-MIB::dot1dTpFdbTable (1.3.6.1.2.1.17.4.3) will do the job. One can simply retrieve dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) to retrieve learned MAC -> PORT table. For my DLINK DGS-1216T I can get mac-to-port table from my Linux box by this command:
$ snmpwalk -O0sUX -v2c -Cc -c public 192.168.0.1 BRIDGE-MIB::dot1dTpFdbPort
Additionally I found extra (17th) port number for maintenance MAC.

Did you try to retrieve the ipNetToMediaTable ({iso(1) identified-organization(3) dod(6) internet(1) mgmt(2) mib-2(1) ip(4) ipNetToMediaTable(22)} or 1.3.6.1.2.1.4.22) from your switch management address? It represents the IP Address Translation table used for mapping from IP addresses to physical addresses.
----EDIT----
If you want to Use SNMP to Find a Port Number from a MAC Address on a Catalyst Switch with a minimum of frames, you can use a Get-Bulk PDU; it assumes that your switch is SNMP v2c.

Related

How to determine the default network adapter through WinApi?

Is there a way through Windows API to determine which is the primary/default network adapter?
For example, if I have a PC with two network cards, I need to know which one is used by the system to access internet, similarly if I have a network adapter and a virtual adapter.
I tried with GetAdaptersAddresses but it doesn't show which is the favourite one, maybe with GetBestInterface?
How about using GetAdaptersInfo and looking for an IP range that satisfies your requirement?
Alternatively, came across this (WMI):
https://msdn.microsoft.com/en-us/library/windows/desktop/aa394216(v=vs.85).aspx
~snip:
Once you have done so, you will likely have reduced your list to one
or two configured adapters.
You can also use the following procedure to find the default adapter:
Run the following query: "SELECT InterfaceIndex, Destination FROM Win32_IP4RouteTable WHERE Destination='0.0.0.0'" You should only have
one default network destination 0.0.0.0.
Use the InterfaceIndex to retrieve the Network Adapter you want. "SELECT * FROM Win32_NetworkAdapter WHERE InterfaceIndex=" +
insertVariableHere
Here's a CodeProject article claiming to determine the default:
http://www.codeproject.com/Articles/13421/Getting-the-Physical-MAC-address-of-a-Network-Inte
Getting the Physical (MAC) address of a Network Interface Card and finding out if it is the primary adapter on a multi-homed system
Finding out if the adapter with the given index is the primary adapter
In order to find out if the adapter with the given index is the
primary adapter, I had to add a function to the dialog class
CNetCfgDlg. This code iterates over the m_pAdapters array, comparing
the given adapter index with the index for each adapter in the array.
If the given adapter index is equal to the smallest index of all
adapters in the array, then it is the primary adapter
And one more thing to consider, is there's the 'Automatic Metric' setting for each adapter which seems to choose the lowest setting as the preferred (although not sure how to access this metric setting programmatically):
http://www.softminer.net/2011/09/setting-default-network-adapter-in.html
This SO Answer explains how to determine the local IP address used to connect to the Internet (like Google's DNS servers), you can then compare this local IP address with the list returned by GetAdaptersAddresses to determine which network card was used for Internet Access.

Format of snmpwalk instruction

I'm working with SNMP and was given a command to use. However, I'm trying to break it down into its components so I can understand if I need to change anything. I've found documentation on pretty much everything except for the last part.
The command has this structure:
snmpwalk -v 2c -c communityname address.com .1
From my understanding the meaning of this structure is:
snmpwalk - command
-v 2c - specifies that the version is 2c, options are 1, 2c, 3
-c communityname - specifies the community name, which is like a password to an extent
address.com - the address of the computer in question
.1 - What is this ? I can't seem to find much documentation on it.
man snmpwalk and snmpwalk -h should give you the info you need on the various parameters.
The .1 is the OID and it is an optional parameter to that command, and it pinpoints a point in the hierarchical SNMP MIB on the SNMP agent host. The walk will retrieve all OIDs "below" that point.
Have a read at http://www.net-snmp.org and get a SNMP book to learn about SNMP and MIBs and OIDs; but quoting from SNMP wikipedia article:
SNMP itself does not define which information (which variables) a
managed system should offer. Rather, SNMP uses an extensible design,
where the available information is defined by management information
bases (MIBs). MIBs describe the structure of the management data of a
device subsystem; they use a hierarchical namespace containing object
identifiers (OID). Each OID identifies a variable that can be read or
set via SNMP.
EDIT: Here is an image to show the OID tree with ".1" i.e. ISO just below the root.

Get data from the port of the switch a pc is connected to

I'm developing an inventory and audit of laboratories in our school. It needs to keep track if there are transfers of PCs in each laboratory. Each lab has its own network. So it's not even possible to know the transfers if by ip address alone. Is it possible to get data from the port of the switch the PCs are connected to?
Yes, if your switches support SNMP. You can track the PCs by the MAC addresses of their network interface cards (as long as they don't change). There are a few OIDs that might be interesting for getting this info. First of them is:
1.3.6.1.2.1.17.4.3.1.1 (dot1dTpFdbAddress):
A unicast MAC address for which the bridge has forwarding and/or filtering information.
If your network is really simple like one switch for the lab, no VLANs, etc. you can just walk the first OID and get the MAC addresses from the switch, cross-reference them with your database of PCs and check whatever you need to check.
If you do have VLANs or there are multiple labs connected to the single switch you would need to go deeper and find the port to which the PC is connected.
1.3.6.1.2.1.17.4.3.1.2 (dot1dTpFdbPort):
Either the value "0", or the port number of the port on which a frame having a source address equal to the value of the corresponding instance of dot1dTpFdbAddress has been seen.
1.3.6.1.2.1.17.1.4.1.2 (dot1dBasePortIfIndex):
The value of the instance of the ifIndex object, defined in MIB-II, for the interface corresponding to this port.
1.3.6.1.2.1.31.1.1.1.1 (ifName):
The textual name of the interface. The value of this object should be the name of the interface as assigned by the local device and should be suitable for use in commands entered at the device's `console'.
Below is the example (on some Linksys switch) of doing this manually but you can easily write a script to do just that and return the list of MAC addresses and ports they're learned on.
# snmpwalk -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.4.3.1.1
SNMPv2-SMI::mib-2.17.4.3.1.1.64.85.57.242.44.224 = Hex-STRING: 40 55 39 F2 2C E0
Walking through this OID will list all MAC addresses the switch has learned. In my example for simplicity there is only one MAC address (40:55:39:f2:2c:e0). Next you want to find the number of the bridge port for that MAC address:
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.4.3.1.2.64.85.57.242.44.224
SNMPv2-SMI::mib-2.17.4.3.1.2.64.85.57.242.44.224 = INTEGER: 6
The additional numbers you see in the OID are the dotted-decimal representation of the MAC address. After this you get the interface index from the bridge port number and finally the interface name (port name).
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.17.1.4.1.2.6
SNMPv2-SMI::mib-2.17.1.4.1.2.6 = INTEGER: 6
# snmpget -v2c -c "your_community" switch.example.com 1.3.6.1.2.1.31.1.1.1.1.6
IF-MIB::ifName.6 = STRING: Port6
And you found out that a host with 40:55:39:f2:2c:e0 MAC address is connected to Port6. If you're dealing with some higher quality equipment (like Cisco) you should know that they might keep separate instances for each VLAN and use something called SNMP Community String Indexing where you add the Vlan index to your community string like this (for Vlan 123):
# snmpwalk -v2c -c "your_community"@123 switch.example.com 1.3.6.1.2.1.17.4.3.1.1
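The manual lookup chain in the answer above (and the dot1dTpFdbPort walk from the first thread), written as a script. This is an added example, not code from the original posts; it assumes the walks were run with `-On` so OIDs are numeric, and the sample output is constructed.

```python
import re

# Column OIDs named in the answer above.
FDB_PORT = ".1.3.6.1.2.1.17.4.3.1.2"           # dot1dTpFdbPort (index = MAC)
BASE_PORT_IFINDEX = ".1.3.6.1.2.1.17.1.4.1.2"  # dot1dBasePortIfIndex
IF_NAME = ".1.3.6.1.2.1.31.1.1.1.1"            # ifName

# Constructed sample of `snmpwalk -On` output, not captured from a real switch.
SAMPLE = """\
.1.3.6.1.2.1.17.4.3.1.2.64.85.57.242.44.224 = INTEGER: 6
.1.3.6.1.2.1.17.4.3.1.2.0.12.41.58.177.2 = INTEGER: 3
.1.3.6.1.2.1.17.4.3.1.2.0.80.86.0.0.1 = INTEGER: 0
.1.3.6.1.2.1.17.1.4.1.2.3 = INTEGER: 10003
.1.3.6.1.2.1.17.1.4.1.2.6 = INTEGER: 6
.1.3.6.1.2.1.31.1.1.1.1.6 = STRING: Port6
.1.3.6.1.2.1.31.1.1.1.1.10003 = STRING: "Gi0/3"
"""

LINE = re.compile(r"^(\.[\d.]+) = (?:[\w-]+: )?(.*)$")

def column(text, base):
    """Return {index suffix: value} for every row under one column OID."""
    rows = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1).startswith(base + "."):
            rows[m.group(1)[len(base) + 1:]] = m.group(2).strip().strip('"')
    return rows

def mac_from_index(suffix):
    """The row index is the MAC in dotted decimal: 64.85.57... -> 40:55:39..."""
    octets = [int(p) for p in suffix.split(".")]
    if len(octets) != 6 or any(o > 255 for o in octets):
        raise ValueError("not a MAC index: " + suffix)
    return ":".join("%02x" % o for o in octets)

def mac_to_port(text):
    """Join dot1dTpFdbPort -> dot1dBasePortIfIndex -> ifName."""
    if_index = column(text, BASE_PORT_IFINDEX)
    if_name = column(text, IF_NAME)
    table = {}
    for suffix, bridge_port in column(text, FDB_PORT).items():
        if bridge_port == "0":  # 0 = port number not learned for this entry
            continue
        name = if_name.get(if_index.get(bridge_port), "bridge port " + bridge_port)
        table[mac_from_index(suffix)] = name
    return table
```

Walking the three columns once and joining locally replaces one snmpget per MAC; on devices that use community string indexing the same join is repeated per VLAN.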

How to identify PC (motherboard) in win32 api? [duplicate]

How to uniquely identify computer (mainboard) using C#(.Net/Mono, local application)?
Edition. We can identify mainboard in .Net using something like this (see Get Unique System Identifiers in C#):
using System.Management;
...
ManagementObjectSearcher searcher = new ManagementObjectSearcher("select * from Win32_MotherboardDevice");
...
But unfortunately Mono does not support System.Management. How to do it under Mono for Linux? - I don't know :(
Write a function that takes a few unique hardware parameters as input and generates a hash out of them.
For example, Windows activation looks at the following hardware characteristics:
Display Adapter
SCSI Adapter
IDE Adapter (effectively the motherboard)
Network Adapter (NIC) and its MAC Address
RAM Amount Range (i.e., 0-64mb, 64-128mb, etc.)
Processor Type
Processor Serial Number
Hard Drive Device
Hard Drive Volume Serial Number (VSN)
CD-ROM / CD-RW / DVD-ROM
You can pick up a few of them to generate your unique computer identifier.
Please see: Get Unique System Identifiers in C#
You realistically have MotherboardID, CPUID, Disk Serial and MAC address, from experience none of them are 100%.
Our stats show
Disk serial Is missing 0.1 %
MAC Is missing 1.3 %
Motherboard ID Is missing 30 %
CPUID Is missing 99 %
0.04% of machines tested yielded no information, we couldn't even read the computer name. It may be that these were some kind of virtual PC, HyperV or VMWare instance, or maybe just very locked down? In any case your design has to be able to cope with these cases.
Disk serial is the most reliable, but easy to change, mac can be changed and depending on the filtering applied when reading it can change if device drivers are added (hyperv, wireshark etc).
Motherboard and CPUID sometimes return values that are invalid "NONE", "AAAA..", "XXXX..." etc.
You should also note that these functions can be very slow to call (they may take a few seconds even on a fast PC), so it may be worth kicking them off on a background thread as early as possible, you ideally don't want to be blocking on them.
Try this:
http://carso-owen.blogspot.com/2007/02/how-to-get-my-motherboard-serial-number.html
Personally though, I'd go with hard drive serial number. If a mainboard dies and is replaced, that PC isn't valid any more. If the HDD drive is replaced, it doesn't matter too much because the software was on it.
Of course, on the other hand, if the HDD is just moved elsewhere, the information goes with it, so you might want to look at a combination of serial numbers, depending what you want it for.
How about the MAC address of the network card?
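A sketch of the "hash a few hardware parameters" idea from the answers above that also copes with the missing and placeholder values they report. This is an added example, not code from the original posts; the field names, sample values and the two-match threshold are assumptions.

```python
import hashlib

def canonical(value):
    """Upper-case and keep only letters and digits, so formatting differences vanish."""
    return "".join(ch for ch in value.upper() if ch.isalnum())

def usable(value):
    """False for missing values and placeholders such as NONE, AAAA.. or XXXX..."""
    if value is None:
        return False
    v = canonical(value)
    return bool(v) and v != "NONE" and len(set(v)) > 1

def component_hashes(ids):
    """Hash each usable identifier separately so one changed part can be tolerated."""
    out = {}
    for name, value in ids.items():
        if usable(value):
            data = (name + "=" + canonical(value)).encode()
            out[name] = hashlib.sha256(data).hexdigest()
    return out

def same_machine(stored, current, min_matches=2):
    """True when at least min_matches stored components are unchanged."""
    matches = sum(1 for name, digest in stored.items()
                  if current.get(name) == digest)
    return matches >= min_matches

# Constructed sample readings (hypothetical values).
ENROLLED = {"disk_serial": "WD-WX41A1234567", "mac": "40:55:39:F2:2C:E0",
            "board_id": "BSN12345678", "cpu_id": "XXXXXXXX"}
DISK_SWAPPED = {"disk_serial": "ST-ZA99B7654321", "mac": "40:55:39:f2:2c:e0",
                "board_id": "BSN12345678", "cpu_id": "XXXXXXXX"}
OTHER_PC = {"disk_serial": "WD-WX41A7777777", "mac": "00:0c:29:3a:b1:02",
            "board_id": "NONE", "cpu_id": "XXXXXXXX"}
LOCKED_DOWN = {"disk_serial": None, "mac": None, "board_id": None, "cpu_id": None}
```

Because every component is changeable, as the answers note, a match identifies a machine for inventory purposes and is not proof of identity.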

Obtaining MACs on a Layer 3 port via SNMP?

I'm working on a script to map servers that are connected into our switches and routers. I have it working to map layer two ports, using the algorithm listed at http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml to pull out the MAC addresses.
Layer 3 ports are another matter. These are ports that don't show up in the 'sh vlan' command on a router/layer 3 switch. Ideally, I'd like to use the MAC addresses present in these ports, underlying the layer 3 connection, as that's a bit more 'permanent' than the IP address - these do show up in the MAC-address table on the device. However, the fact that these ports don't have an associated VLAN, and that the MAC retrieval via SNMP is VLAN-indexed, makes it quite difficult.
I've been banging my head against this for about a week or so, but nothing I try/find seems to allow me to get the non-VLAN MAC addresses. Is it possible to map the layer three ports this way, or will I need to use layer 3 (IP address) mapping?
If you are connected via layer 2 to the device, you could just use a ping on the layer 3 address to generate an arp lookup and then look in the arp cache for the mac... This would work for any layer 3 port, even logical ports like the layer 3 version of Portchannels.
This is probably the easiest way.
If you want to be 100% in the realm of SNMP:
To get the interface table for that device, walk the below oid. It will return the list of all interfaces on that device. This should work on any device (even a server) running a SNMP agent:
.1.3.6.1.2.1.2.2.1.2
This will give you a list of interface numbers (last digit in OID), and the interface descriptions. It works for SVI and physical interfaces, not sure about logical types other than SVI.
Then for each interface, to get its MAC (where x is the value in the interface table):
.1.3.6.1.2.1.2.2.1.6.x
This gives you the mac. (Leading 0's can be truncated on some devices.)
However, you will need at least 1 layer 3 address on each device to do the snmpwalk and get.
If you just want all the macs, then walk this oid:
.1.3.6.1.2.1.2.2.1.6
I use this approach to do something similar on a large network.
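The two walks from the answer above joined into an interface-to-MAC map, with the truncated leading zeros it mentions restored. This is an added example, not code from the original post; it assumes `snmpwalk -On` output, and the sample lines are constructed.

```python
import re

IF_DESCR = ".1.3.6.1.2.1.2.2.1.2"  # interface description column walked above
IF_PHYS = ".1.3.6.1.2.1.2.2.1.6"   # interface MAC column walked above

# Constructed `snmpwalk -On` output; names and addresses are made up.
SAMPLE = """\
.1.3.6.1.2.1.2.2.1.2.1 = STRING: GigabitEthernet0/1
.1.3.6.1.2.1.2.2.1.2.2 = STRING: Vlan10
.1.3.6.1.2.1.2.2.1.2.3 = STRING: Loopback0
.1.3.6.1.2.1.2.2.1.6.1 = STRING: 0:1b:54:a:3:f
.1.3.6.1.2.1.2.2.1.6.2 = Hex-STRING: 00 1B 54 0A 03 C1
.1.3.6.1.2.1.2.2.1.6.3 = ""
"""

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff, or None if raw is not a 6-octet address."""
    parts = [p for p in re.split(r"[:\s-]+", raw.strip().strip('"')) if p]
    if len(parts) != 6:
        return None
    try:
        octets = [int(p, 16) for p in parts]
    except ValueError:
        return None
    if any(o > 255 for o in octets):
        return None
    return ":".join("%02x" % o for o in octets)  # restores dropped leading zeros

def interface_macs(text):
    """Map interface description -> normalized MAC, skipping MAC-less interfaces."""
    descr, phys = {}, {}
    for line in text.splitlines():
        oid, sep, value = line.strip().partition(" = ")
        if not sep:
            continue
        value = re.sub(r"^[\w-]+: ", "", value)  # drop "STRING: " / "Hex-STRING: "
        for base, dest in ((IF_DESCR, descr), (IF_PHYS, phys)):
            if oid.startswith(base + "."):
                dest[oid[len(base) + 1:]] = value
    result = {}
    for index, raw in phys.items():
        mac = normalize_mac(raw)
        if mac:
            result[descr.get(index, "ifIndex " + index)] = mac
    return result
```

Normalizing before comparison matters when these addresses are matched against forwarding-table entries or an asset database that stores zero-padded octets.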
