routetehpacketz / cisco-ip-trace Goto Github PK

Great script but is there a way to tell the script to just look at the entire ARP table and look it all up? And can you add a DNS lookup option to attempt to resolve IP to hostname?

Dear sir,

The script is giving error if I outputting to csv or anything.
If I run without output it is working fine. This is for your info.
If you needed any further checks and log report. Pls let me know.
Thanks in advance.
Regards,

The script is no longer tracing MACs when an IOS router is supplied instead of a L3 switch.

You might need to cover other interface types like ten gig, TwoGigabitEthernet and TwentyFiveGigE also..When mac was larning from ten gig, I felt that code stopped there...I can be wring also..But, just an FYI

Traceback (most recent call last):
File "iptrace.py", line 223, in
main()
File "iptrace.py", line 219, in main
singleip_scan()
File "iptrace.py", line 202, in singleip_scan
cdp_nei_ip,match_mac=core(core_router,current_ip)
File "iptrace.py", line 89, in core
mac_port=mac_port.group()
AttributeError: 'NoneType' object has no attribute 'group'

Just a feature request here, but maybe add a column w/ the OUI lookup to grab the MAC address assignment..
There are a million sites that to it.. but looking up the first 6 bytes of the MAC address and translating it (in a separate column) to Intel (for example), would be helpful in my work.
example site: https://hwaddress.com/oui-iab/AC-ED-5C/

i just copied the whole code and ran from my pc. but it threw many tracebacks after it says "tracing ip" am I missing anything here? please help..new to this world

Man I am really impressed with your coding skills and could not find anyone better to ask this. So, I am asking you a new request and it is not related to this code. BTW, your code is amazing. Now to my request, do you have a code that will login to cisco devices and take every command output that we specify in a separate file? For example, I will save a text file with the commands that I need to get output of, like show run, show cdp neigh and another file with the devices IP details. Once these details are fed to each file, running the code should log into each of these devices and take o/p of the command and each command output must be save in a separate file. Do you have one like that?

See an issue when running the script from a newer OS to an older IOS and it breaking when no matching ciphers are found. The script doesn't report an error when this happens, it just goes back to the command line,

:/local-dp$ sudo ./arp-v2.py -FA -u admin -c 10.103.1.1 -f fl-arp.csv
Password:
Enable password (leave blank if not needed):
:/local-dp$ ssh [email protected]
Unable to negotiate with 10.103.1.1 port 22: no matching cipher found. Their offer: aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc

Anyway to specify which cipher to use via a switch?

Another feature request. If for instance, it's tracing MAC's of a bunch of WiFi clients that are hanging off of a Cisco WLC, your script probably has no idea how to log into a WLC. That or my it could just be that my authentication to the WLC is different than the switches. Either way, I'd love if the script was intelligent enough to remember the CDP Neighbor IP(s) that it couldn't SSH into, and simply not try after the first failure on that same IP. That could speed up the discovery of a long list of IPs, since it has to time out for 10 or so seconds each time.

Traced to CDP neighbor 10.10.10.15, but could not SSH into it.

Alternatively, you could add a command line argument for a regex that would compare the description of the local port to determine if it should even TRY to ssh to the CDP neighbor on that port. In my case, I would add a regex to match /WLC|wlc/, so if the port description said WLC, it wouldn't bother w/ the nested/recursive SSH and just log what it knows and move on (which is what it does after ssh login fails on the WLC)

Switch ports coming back as 'Unknown' and not sure why. This end host is on the far end of switch via a port-channel off the core.

`(p3-env) admin@admin:/tmp$ python cisco_ip_trace.py
Enter target in CIDR notation (192.168.10.0/24): 192.168.17.20
Enter VRF for the IP. Press 'Enter' if you're not using VRFs:
Enter the IP address of the core router/switch that can ARP for the IP address to trace: 192.168.1.1
Username: admin
Password:
Enter a filename to save output as CSV (leave blank for no file output):

Tracing 192.168.17.20...Port Unknown
Device IP,MAC Address,Switch,Port,Port Description,Interface Type,VLANs on port,Port MAC count
192.168.17.20,**686d.bc06.4cac**,r187-9600,Unknown`

However I can see it from the mac address-table from the switch its connected to:

sw87-2960#sho mac address-table | i 4cac 17 **686d.bc06.4cac** STATIC Gi2/0/13

Would be nice to have the script attempt to resolve the IPs it finds and report back with the FQDNs. That way you would have 99% of the identifying information for the IPs it does find in the ARP table.

Hi,

After i input username, then should i waiting or what?, because no pop up to input password or anything.
I've waited for 5 minutes but nothing happen

The script does not allow the entry of an enable password if one is required.

If the end port the device is on is a partial match for the trunk port on the switch there will be a false positive match in the get_interface_mode function that will return incorrect information for the "interface type", "VLANs on the port", and "Port MAC count".

ex:
show interface trunk | inc Gi0/1 will show any trunk ports starting with Gi0/1 so Gi0/10-19 are potential matches

Gi0/1 is the port the IP address I am tracing to resides on, and the device is host_b, if the trunk port on host_b is port Gi0/11 this will make the interface_trunk_match function true and output incorrect data.

This is because of the regex trunk_regex = re.compile(r'%s\s*(\S.*)' % mac_port, re.MULTILINE) specifically the \s* is too inclusive.

In my own testing changing the regex to trunk_regex = re.compile(r'%s\s+(\S.*)' % mac_port, re.MULTILINE), which is just changing the \s* to \s+ has resolved this edge case and not yet produced any additional issues for me, since the regex + is requiring 1 or more of, as opposed to the * which is zero or more of.

Thank you for making this tool!

I can submit a pull request and subsequent merge request if that is the preferred method, but would like any others with potentially more diverse networks to test this out and see if it impacts them.

Ran into another issue where the script just stops when it can't login to a device that it finds has the MAC address it is attempting to locate. In this case a user has a computer daisy chained from their IP phone. Obviously it's not a switch but I would like the script to keep going rather than stopping. In a case like this can some logic be added to tell it to continue on?

Tracing 10.99.16.94...Traceback (most recent call last):
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 782, in establish_connection
    self.remote_conn_pre.connect(**ssh_connect_params)
  File "/local-dp/p3-env/lib/python3.6/site-packages/paramiko/client.py", line 343, in connect
    retry_on_signal(lambda: sock.connect(addr))
  File "/local-dp/p3-env/lib/python3.6/site-packages/paramiko/util.py", line 280, in retry_on_signal
    return function()
  File "/local-dp/p3-env/lib/python3.6/site-packages/paramiko/client.py", line 343, in <lambda>
    retry_on_signal(lambda: sock.connect(addr))
socket.timeout: timed out

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "cisco-ip-trace-dns.py", line 326, in <module>
    main()
  File "cisco-ip-trace-dns.py", line 317, in main
    line = TraceIPAddress(ipaddress_ipcalc)
  File "cisco-ip-trace-dns.py", line 284, in TraceIPAddress
    line=TraceMac(mac, ipaddress, dns_name, core_switch, username, password)
  File "cisco-ip-trace-dns.py", line 236, in TraceMac
    line=TraceMac(mac, device_ip, dns_name, cdp_nei_ip, username, password)
  File "cisco-ip-trace-dns.py", line 236, in TraceMac
    line=TraceMac(mac, device_ip, dns_name, cdp_nei_ip, username, password)
  File "cisco-ip-trace-dns.py", line 220, in TraceMac
    next_switch_conn=ConnectHandler(device_type='cisco_ios',host=switch_ip,username=username,password=password)
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/ssh_dispatcher.py", line 218, in ConnectHandler
    return ConnectionClass(*args, **kwargs)
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 270, in __init__
    self.establish_connection()
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 787, in establish_connection
    raise NetMikoTimeoutException(msg)
netmiko.ssh_exception.NetMikoTimeoutException: Connection to device timed-out: cisco_ios 10.99.29.196:22

In the above the last IP is a phone 10.99.29.196 and the IP 10.99.16.93 is hanging off of that phone.

@routetehpacketz

Hi, I have one device which is struggling with the script and I am not sure why. Yesterday it wouldn't even login to the device and the script would just stop. I thought it was due to mismatch ciphers but that didn't seem to matter. Today it can login but dies with the same error.

Any idea why that is? Its a WS-C2960XR-48FPS-I and what is odd is it seemed to be able to get some data the first time but nothing after that. Its on the other side of the world so maybe latency? Or timeout for waiting for data?

p3-env) :/local-dp$ sudo ./arp-v2.py -FA -u admin -c 10.103.1.1 -f kl-arp.csv
Password:
Enable password (leave blank if not needed):

Tracing 10.103.1.1...Port Unknown
10.103.1.1,N/A,5cfc.66f3.08d0,2960-ww,Unknown

Tracing 10.193.1.2...Traceback (most recent call last):
  File "./arp-v2.py", line 397, in <module>
    main()
  File "./arp-v2.py", line 374, in main
    line = trace_ip_address(ipaddress_ipcalc)
  File "./arp-v2.py", line 345, in trace_ip_address
    line = trace_mac(mac, ipaddress, dns_name, options.core_switch, options.username, password, secret)
  File "./arp-v2.py", line 282, in trace_mac
    interface_type, vlans = get_interface_mode(next_switch_conn, port)
  File "./arp-v2.py", line 226, in get_interface_mode
    show_interface_trunk = next_switch_conn.send_command("show interface trunk | inc " + mac_port, delay_factor=.1)
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 1188, in send_command
    search_pattern))
OSError: Search pattern never detected in send_command_expect: show\ interface\ G

(p3-env):/local-dp$ sudo ./arp-v2.py -FA -u admin -c 10.103.1.1 -f kl-arp.csv
Password:
Enable password (leave blank if not needed):

Tracing 10.103.1.1...Traceback (most recent call last):
  File "./arp-v2.py", line 397, in <module>
    main()
  File "./arp-v2.py", line 374, in main
    line = trace_ip_address(ipaddress_ipcalc)
  File "./arp-v2.py", line 336, in trace_ip_address
    mac = get_mac_from_ip(ipaddress, options.core_switch, options.username, password, secret, options.vrf)
  File "./arp-v2.py", line 142, in get_mac_from_ip
    show_ip_arp = core_switch_conn.send_command("show ip arp " + current_ip + "\n", delay_factor=.1)
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 1188, in send_command
    search_pattern))
OSError: Search pattern never detected in send_command_expect: ping\ \ \ 10\.103

(p3-env):/local-dp$ sudo ./arp-v2.py -FA -u admin -c 10.103.1.1 -f kl-arp.csv
Password:
Enable password (leave blank if not needed):
Traceback (most recent call last):
  File "./arp-v2.py", line 397, in <module>
    main()
  File "./arp-v2.py", line 367, in main
    arp_targets = get_arp_table(options.core_switch, options.username, password, secret, options.vrf)
  File "./arp-v2.py", line 122, in get_arp_table
    arp_table = core_switch_conn.send_command("show ip arp " + current_vrf + " | exc Incomplete\n", delay_factor=.1)
  File "/local-dp/p3-env/lib/python3.6/site-packages/netmiko/base_connection.py", line 1188, in send_command
    search_pattern))
OSError: Search pattern never detected in send_command_expect: term\ len

Should be an easy one, but you may want to strip out commas that you find in the interface descriptions.. otherwise it throws off the columns in the output CSV.

This would make a great docker container. Has anyone made one for it that includes all the prereqs?

I use 2960x and when I manually ping or find IP, I can do the arp. when I run script, it says, No MAC for x.x.x.x Not sure what is happening