Never mind, it appears SNMP is turned off on our routers and I do not have control over that. I can at least present this as a possible option to the person that does. Thank you very much for your suggestions, everyone. I'm so glad I joined this list; I've learned so much and it's great to talk to people who like to share their knowledge and experience.

--JR

On Thu, Oct 18, 2012 at 4:21 PM, Phil Regnauld <regna...@nsrc.org> wrote:

> Raymond Burkholder (ray) writes:
> >
> > NetDisco knows how to scan networks for mac addresses, arp addresses, ip
> > addresses, etc. It keeps track of deltas. It may be able to email
> > deltas or something similar. Or run a query against the database, as I
> > seem to recall it seems to hold historical data.
>
> Yes, NetDisco will do this, and it has a query interface for looking
> up MAC <-> associations, and where they were last seen.
>
> Netdot (netdot.uoregon.edu, just mentioned it in an earlier mail) also
> offers this functionality, and stores the information in the database for
> querying/searching.
>
> Jonathan Rogers (quantumfoam) writes:
> > I, uh...don't actually know how to do that. I've not done very much with
> > SNMP other than working with power management devices. If someone could
> > direct me to a good tutorial, that would be much appreciated.
>
> It's probably easier to use one of the tools mentioned than to start
> writing your own. To do that, you'd have to retrieve the L2
> forwarding table from switches, and the ARP tables from L3 devices.
> You have to query all active devices regularly and build/update your DB
> from that. There are tools such as SNMP::Info
> http://search.cpan.org/~maxb/SNMP-Info-2.01 that make this easier,
> but still some amount of coding would be required.
>
> It's then a matter of querying the DB, and looking for the MAC addresses
> of suspected rogue devices, if they keep on showing up (you will see many
> one-times that don't reappear, which also grows the DB significantly over
> time).
>
> Phil
>
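
The do-it-yourself approach described in the quoted reply, as an added example that is not part of the original thread and is not code from NetDisco, Netdot or SNMP::Info: it covers only the ARP-table half (no switch forwarding tables), stores each polling round in SQLite, and reports MACs outside a known inventory that keep reappearing. It assumes SNMP is enabled and each round's `snmpwalk -On -Ox` output of ipNetToMediaPhysAddress has been saved as text; the function names, the device name `rtr1` and all addresses are constructed for illustration.

```python
import re
import sqlite3

# ipNetToMediaPhysAddress rows (the ARP table of an L3 device) as printed by
# net-snmp's `snmpwalk -On -Ox`: OID suffix is <ifIndex>.<IPv4 address>.
ARP_ROW = re.compile(r"^\.1\.3\.6\.1\.2\.1\.4\.22\.1\.2\.(\d+)\.(\d+\.\d+\.\d+\.\d+)"
                     r" = Hex-STRING: ((?:[0-9A-Fa-f]{2} ?){6})$")

# Constructed sample output from two polling rounds of one hypothetical router.
POLL_1 = """\
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.10 = Hex-STRING: 00 1A 2B 00 00 01
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.11 = Hex-STRING: 00 1A 2B 00 00 02
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.50 = Hex-STRING: 02 AA BB CC DD 01
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.77 = Hex-STRING: 02 AA BB CC DD 99
"""
POLL_2 = """\
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.10 = Hex-STRING: 00 1A 2B 00 00 01
.1.3.6.1.2.1.4.22.1.2.2.192.0.2.78 = Hex-STRING: 02 AA BB CC DD 99
this line is not an ARP row and must be skipped
"""

def parse_arp_walk(text):
    """Yield (mac, ip, ifindex) for each well-formed row; ignore anything else."""
    for line in text.splitlines():
        m = ARP_ROW.match(line.strip())
        if m:
            yield ":".join(m.group(3).split()).lower(), m.group(2), int(m.group(1))

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS sighting (poll INTEGER, device TEXT,"
               " mac TEXT, ip TEXT, ifindex INTEGER,"
               " PRIMARY KEY (poll, device, mac, ip))")
    return db

def record_poll(db, poll, device, walk_text):
    """Store one polling round; returns the number of rows parsed."""
    rows = [(poll, device, *r) for r in parse_arp_walk(walk_text)]
    db.executemany("INSERT OR IGNORE INTO sighting VALUES (?,?,?,?,?)", rows)
    return len(rows)

def recurring_unknown(db, known_macs, min_polls=2):
    """Unknown MACs seen in >= min_polls rounds, as (mac, rounds, last_round)."""
    known = {m.lower() for m in known_macs}
    cur = db.execute("SELECT mac, COUNT(DISTINCT poll), MAX(poll) FROM sighting"
                     " GROUP BY mac HAVING COUNT(DISTINCT poll) >= ? ORDER BY mac",
                     (min_polls,))
    return [row for row in cur if row[0] not in known]
```

Raising `min_polls` filters out the one-time sightings the reply mentions; pruning rows older than a retention window keeps the table from growing without bound.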