Network Switch ip to port mapping using neo

Open Source Network Administration gives some introduction to this network tool called neo. Latest version can be found ktools.org
(http://www.ktools.org/dist/neo/neo-1.3.1.tar.gz)

There is one catch while you compile & install in Ubuntu since the object_statstransfer.c , object_sleeper.c uses CLK_TCK i think CLK_TCK obsolete we have to use CLOCKS_PER_SEC instead. But i just defined as followed in the both files.

/* Define my constant */
#define CLK_TCK 100

Installation process :
1 ) gunzip -c neo-1.3.1.tar.gz | tar xvf -
2 ) cd neo-1.3.1
3 ) ./configure
4 ) Do the relevant changes as explained earlier in the both source files.
5 ) make
6 ) make install

neo has its own command line. But basic things you need to get ip to port map two command arpfind , locate .

Before doing that you can define the switches & the core router in one file. (router needed to find the ip to arp resolution)
example /var/neo/switches

192.168.1.10
192.168.1.11

if you want to find the relevant ip to arp mapping you could issue the command as
neo -c "community string" arpfind @f:/var/neo/switches
This will give u the arp address ,
then you can issue the location command to locate the port number.


neo -c "community string" locate @f:/var/neo/switches

I've combined both into one perl script. I haven't use the community string here since i complied the default community as relevant string. You can change the community string while compiling (
object_global.c 


  g->argv0=NULL;
  g->readcom=strdup("public");
  g->writecom=strdup("public");
  neo_global_set_burst(g, 1);



#!/usr/bin/perl
#Arp to IP Mapper Argument as host
$arg = $ARGV[0];

#To save the actual arp
$real_arp = "";
#Identify the arp of the host
@arp = `neo arpfind $arg \@f:/root/gobi/neo-1.3.1/switches`;
foreach (@arp)
{
 if ($_ =~ /says/)
 {
 $real_arp = substr($_,-18);
 last ;
 }
}
chomp($real_arp);
@port = `neo locate -u $real_arp \@f:/root/gobi/neo-1.3.1/switches`;

foreach(@port)
{
print $_;
}

root@--:~/gobi# ./run.pl 192.168.29.2
Found on 6@192.168.0.200
Found on 10@192.168.0.204

I'm doing some reverse mapping also using simple snmp queries like
@ip2arp_tbl = `snmpwalk -c "public" -v 2c 192.168.0.99 "ip.ipNetToMediaTable.ipNetToMediaEntry.ipNetToMediaPhysAddress"`; I'll give that in a different post if successful .

Comments

Emmanuel Arul Gobinath said…
Neo having some issue with Port Numbering. I don't know the actual reason. I'll dig if i've time on it. :)
October 13, 2009 at 11:41 PM
Post a Comment

Popular posts from this blog

l2tpv3 configuration reference

Image
Reference Comparing , Designing and Deploying VPNs chap - 02 : L2TPv3 is the enhanced version of L2TPv2 protocol. Mikrotik uses L2TPv2 i suppose but it offer another similar tunneling mechanism as EOIP. L2TPv3 in cisco provides Pseudo-wire services to the customer. L2TPv3 only require the IP connectivity between peers but it can transport Ethernet, 802.1Q , HDLC, PPP framerelay etc. Advantage over MPLS is the customer having the full control of their routing domain. L2TP depolyment methods having 3 topologies LAC - LNS , LNS - LNS , LAC - LAC Following Diagram explain simple LAC - LAC L2TPv3 setup. It uses two types of messages: control connection messages - used for signaling between LCEs session data messages - Used to transport layer 2 protocols and connections Data channel Message Header having Session ID & cookie to correctly associate with the tunnel Deploying dynamic Pseudowires session 1) configure CEF - Its default in IOSs now. 2) configure a loopback in
Read more

mikrotik queue tree - Per connection queuing.

Image
One of the cool feature on Mikrotik queuing is Per Connection Queuing . we can equally distribute the bandwidth among Number of users.[1] This setup explores the per connection queuing in the congestion situation and how to utilize the priority queuing features. [Please note Mikrotik Queue lowest priority value have highest priority eg: queue priority 7 traffic gets highest preference over queue priority 8  ] In this test setup 192.168.92.50 and 51 given 512Kbps per connection queuing(PCQ) Priority 6 . 192.168.52 and 54 placed under 256Kbps PCQ (Priority 8) and further youtube users given 384Kbps irrespective to the queue they are currently placed ( FIFO) . 1) Bridge setup - " Don't forget to enable the bridge firewall :) " /interface bridge add admin-mac=00:00:00:00:00:00 ageing-time=5m arp=enabled auto-mac=yes comment="" disabled=no forward-delay=15s l2mtu=1522 \ max-message-age=20s mtu=1500 name=br_traffic_shaper priority=0x8000 protocol-mode=none
Read more

Decoding BGP Notification Error

Following Log messages are normal in the IX scenario but decode the error message is quite interesting: We will see why this error message popped up : : %BGP-3-NOTIFICATION: sent to neighbor 10.10.194.236 2/7 (unsupported/disjoint capability) 0 bytes  FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0039 0104 xx0D 00B4 C06A 1102 1C02 0601 0400 0200 0102 0280 0002 0202 0002 0246 0002 0641 0400 00C4 0D its a raw hex out  of the BGP open message and starts from the marker  16byte FF so the actual output starts from 0039  2 byte length value : 00 39 - 57 1 byte Type : 01 open message 1 byte Version : 04 2 byte ASN : xx0D  [ modified to remove the relevant information ] 2 byte holdtime : 00 B4 - 180 Seconds 4 byte BGP identifier : C06A 1102 [ modified ] 1 byte Optional parameter length : 1C   - 28 bytes Refer RFC: http://tools.ietf.org/html/rfc5492 http://tools.ietf.org/html/draft-ietf-idr-ext-opt-param-02 http://www.iana.org/assignments/capability-codes/capability-c
Read more