Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 447
  • Last Modified:

MAC Address count

Hopefully this is a quick and simple question. I need to monitor the number of MAC addresses crossing our WAN (over 254, there is an extra charge). Does anyone have a simple way to constantly monitor the number of MAC addresses going through a network? I could use some sniffer like wireshark but that would take significant time for export and searching. There must be an easier method. BTW this connection covers several subnets, so something in promisc mode just grabbing the MAC addresses it what I am looking for.
0
MoisdTech
Asked:
MoisdTech
  • 3
  • 2
1 Solution
 
Bill BachPresidentCommented:
Instead of worrying about it, why not just circumvent it?  Run all traffic through a NAT/Firewall or even a VPN device.  Then, they will all show up as a single MAC address.  The MAC address of the network packet is always regenerated by the nearest downstream router, so adding a simple routing device will also limit the MAC addresses down to 1.  It should not matter how many IP addresses you have, or how many subnets you have, either.

0
 
MoisdTechAuthor Commented:
We are doing that to a point, however we have six different school districts running over this WAN. Each is supposed to be natting their addresses, however some are adding things that should not be there. The boss wants to ensure that we are not even close to the max number of addresses.
0
 
MoisdTechAuthor Commented:
What I really need is a method to pull an ARP table off of an HP Procurve and dump it into a database, maybe mysql or something similar.
0
 
Bill BachPresidentCommented:
A smart switch (I assume that the ProCurve is managable) should be able to be inserted into the stream and it will see all MAC addresses that are passing through.  

For that, though, you need to set up the ProCurve with an IP address (if you haven't already) and then connect to it with TELNET and use the command set provided to query the ARP or MAC table.  Check your manual for the right commands, which may very by model.  I put in "ProCurve cli" into Google and hit a bunch of them, including this PDF reference manual:
    http://www.google.com/url?sa=t&ct=res&cd=1&url=http%3A%2F%2Fh50229.www5.hp.com%2Fweb%2Fhp%2Fprocurve%2Fsg%2Fpdfs%2F6200-5400-3500-CLI-k1201-Feb2007.pdf&ei=MXlOSM2iFJK4hAKrt_iHAg&usg=AFQjCNHN8gAtD0th0OhXalhH1yKsZgLz3A&sig2=9qqpF7Dp2v8t-AxziPdq0A
0
 
MoisdTechAuthor Commented:
I you are correct, I was looking for something more automated, I think I will look cron and snmpwalk, thanks
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now