How do i determine who has what public IP address on my network .......basically we have a cisco router 2611 router and a nortel cmts 1000 and i can see the private 10.0.X.XX range and i know who has it but i can not determine who has what public ip address on the CPE side of the cable modems.....i need this info because someone on the network with the 12.230.XX.XXX/24 range has malicious network traffic. I have researched the DHCP server and can see the mac address of the CPE device behind the modem but that doesnt really help me. Can anyone advise?
Not sure on a nortel CMTS but on a cisco one you could do something like this
show cable modem <public ip>
Another possibility if the CMTS supports it is to turn on option 82 which sends the dhcp forwarder (the modem mac) along with the dhcp request. Which DHCP server are you using?
http://www.softperfect.com/download/ has free network scanner so you can match the ip address to a mac address. being an older bridge cmts, not sure if there's commands like show cable modem host or show cable modem cpe?
thinking that you can scan and trace your way to the end user
Hi,
What I do is parse the dhcp leases file and or the arp table. I do this and it make ntop a dream come true for cable operators.
emkowale
I am using ISC DHCP.
Where there's a wire there's a way.
How to get CM ip or mac address from CPE public ip by using SNMP?
Which OID I need to use?
One other option is a bit brute force but in a pinch will work:
Using SNMP query each modems bridge table and look for the offending mac, this implies you can get a list of cable modem ips.
with PHP you could do something like the following
// Mac you are looking for note the space at the end
$targetMac = "Hex-STRING: 00 14 E8 9B 96 16 ";
// Modems your searching
$modems = array("10.0.0.2","10.0.0.3");
foreach ($modems as $modem)
{
$macsBehindModem = snmpwalk($modem, "public", "1.3.6.1.2.1.17.4.3.1.1");
if (array_search($targetMac, $macsBehindModem)) {
echo "$targetMac found behind modem $modem\r\n";
die();
}
}
I am not php expert....so help me out here......the script is returning............
PHP Fatal error: Call to undefined function snmpwalk() in /root/index.php on line 8
I can snmpwalk the cable modems on each network from the server i am running this script on.......i also did check and net-snmp package is install.
Also i do not think this will work because i will not know the CPE "target mac" only the cable modem "target mac"...........usless this is what you mean....
Where there's a wire there's a way.
The PHP error you are getting is beacuse you do not have the PHP module for snmp loaded. In most versions of Linux you need a package called php5-snmp or something similar. For windows machines you would have to enable that module manually check the PHP website for instructions.
You have the public IP you are looking for right? Ping it and then check ARP i.e. arp -a publicIP this will give you the mac address associated with the IP in question. you just need to be sure to format it appropriately.
In the C3 you have the command
sh interfaces cable 1/0 modem xxx, where xxx is the SID.
Good luck
Demian