MAC vendor check
Homepage: nhw.pl/blg/articles/mac_count/
Download: http://www.nhw.pl/blg/download/mac_count.tgz
This is a simple script to check which MAC addresses are present in your
network. What for? If someone adds an unauthorized device (like a wireless
AP), this can help you find it.
How does it work? It connects via telnet to Cisco devices, dumps the MAC
address table and, using http://www.coffer.com/mac_find, checks which devices
(vendors) are connected to the LAN.
Requirements:
- expect
- cat/grep/awk/perl/telnet/etc...
- access to the web (could be via proxy)
- a user with access to the show mac-address-table command on Cisco switches
Running:
In the file list.txt provide username, password and hostname separated by
whitespace, one entry per line.
Run the dump_mac.sh script.
WARNING!
The expect script assumes that the switch prompt is exactly HOSTNAME>, where
the hostname is taken as is from list.txt. In my environment it works ;-))
The exp_out directory now contains the dumped MAC address tables, each in a
separate file. Run bind.sh, which goes through all MACs and looks up every
vendor part found in the MAC addresses. I tried to do it gracefully and run a
minimal number of requests to www.coffer.com, but for sure it can be done even
more efficiently.
If all works well, the file outp.txt should contain all vendors found. Go
through it and search for anything that should not be there.
If you want to find the devices of one specific vendor: in bind.sh, on the
last line after exit 0, there is a command which turns outp.txt into something
useful as patterns to grep through all files in the exp_out directory.
Choosing the right pattern and running grep -i PATTERN exp_out/*MAC will show
all switches, and the ports on them, with this vendor's devices.
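The vendor-part extraction and per-vendor port search described above, as an
added example that is not code from mac_count. It assumes the dumps use the
usual Cisco dotted MAC notation; the function names and the sample table are
made up for illustration.

```shell
#!/bin/sh
# Added illustration, not part of mac_count; function names are hypothetical.
# Constructed sample of "show mac-address-table" output (not from a real switch).
SAMPLE_DUMP='Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4455    DYNAMIC     Fa0/1
   1    0011.22aa.bbcc    DYNAMIC     Fa0/2
  10    00a0.c912.3456    DYNAMIC     Fa0/7
  10    00A0.C9ff.0001    STATIC      Gi0/1
  20    aabb.0011.2233    DYNAMIC     Fa0/9
Total Mac Addresses for this criterion: 5'

# Read a dump on stdin; print each distinct vendor part (first three bytes of
# the MAC, in Cisco dotted notation) followed by the number of addresses seen.
oui_counts() {
    grep -Eio '[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}' |
        tr 'A-F' 'a-f' | cut -c1-7 |
        LC_ALL=C sort | uniq -c | awk '{ print $2, $1 }'
}

# Turn a vendor part written as 00:11:22, 00-11-22 or 001122 into a grep
# pattern for the dotted notation. Anything other than six hex digits is
# rejected, so the value is safe to place inside a regular expression.
oui_to_pattern() {
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$hex" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#hex}" -eq 6 ] || return 1
    printf '%s\\.%s\n' "$(printf '%s' "$hex" | cut -c1-4)" \
                       "$(printf '%s' "$hex" | cut -c5-6)"
}

# Read a dump on stdin; print the ports where the given vendor part was seen.
# The leading whitespace in the pattern pins the match to the start of the
# address, so 0011.22 does not also hit aabb.0011.2233.
ports_for_oui() {
    pat=$(oui_to_pattern "$1") || return 1
    grep -i "[[:space:]]$pat" | awk '{ print $NF }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | oui_counts
printf '%s\n' "$SAMPLE_DUMP" | ports_for_oui 00:11:22
```

A vendor part that appears only once or twice across all switches is usually
the first thing worth checking against the list of expected equipment.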
(c) 2005 Witold Rugowski
http://www.nhw.pl/blg/
mailto:blg@nhw.pl