Using NDNA and GRASP to find end-hosts in a network environment

This procedure assumes working DNS in the environment on the hosts for both A records and PTR records:

1. Using NDNA, you can run the vendor neutral custom script, using the core IP and command shown below, you'll run the following command on the end hosts first hop (e.g. L3 core) of your VLANs, depending on if it's an IOS or NXOS device.

For an IOS core

sh arp

For an NXOS core sh ip arp

Again, you can use your Python custom vendor neutral script to do this.

2. Review the config output - this example shows the file with a name of "sh-arp-config.txt"

(real file name would be different if you used the NDNA program, e.g. using the vendor neutral script)

IOS Output

cat sh-arp-config.txt Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.64.0.10 - 0000.0c07.acf6 ARPA Vlan646 Internet 10.64.1.11 - 000b.4522.397c ARPA Vlan641 Internet 10.64.1.10 0 000b.4524.79fc ARPA Vlan641 Internet 10.64.1.14 - 000b.4522.397b ARPA Vlan99 Internet 10.64.0.12 2 000b.4524.79ff ARPA Vlan646 Internet 10.64.0.13 - 0000.0c07.ac63 ARPA Vlan99 Internet 10.64.7.1 1 000b.4524.79fa ARPA Vlan99

(output omitted)

-----------------------------------

NXOS Output

cat sh-arp-config.txt Address Age MAC Address Interface

10.64.0.10 - 0000.0c07.acf6 Vlan646 10.64.1.11 - 000b.4522.397c Vlan641 10.64.1.10 0 000b.4524.79fc Vlan641 10.64.1.14 - 000b.4522.397b Vlan99 10.64.0.12 2 000b.4524.79ff Vlan646 10.64.0.13 - 0000.0c07.ac63 Vlan99 10.64.7.1 1 000b.4524.79fa Vlan99

(output omitted)

3. Run the following command to create a new shell script:

For IOS

cat sh-arp-config.txt | grep ^"Internet"| awk {'print $2'} | sed -e 's/^/resolveip /' > discover-hosts-in-datacenter.sh

For NXOS

cat sh-arp-config.txt | grep "^[1-2]" | awk {'print $1'} | sed -e 's/^/resolveip /' > discover-hosts-in-datacenter.sh

4. Review the file

cat discover-hosts-in-datacenter.sh resolveip 10.64.0.10 resolveip 10.64.1.11 resolveip 10.64.1.10 resolveip 10.64.1.14 resolveip 10.64.0.12 resolveip 10.64.0.13 resolveip 10.64.7.1

(output omitted)

5. Run the following command to finish the new shell script:

sed -i '1s/^/#!\/bin\/sh\n/' discover-hosts-in-datacenter.sh

6. Review the file

cat discover-hosts-in-datacenter.sh #!/bin/sh resolveip 10.64.0.10 resolveip 10.64.1.11 resolveip 10.64.1.10 resolveip 10.64.1.14 resolveip 10.64.0.12 resolveip 10.64.0.13 resolveip 10.64.7.1 (output omitted)

7. Make this shell script executable using the following command:

chmod 755 discover-hosts-in-datacenter.sh

8. Run the script - output it to a new text file.

./discover-hosts-in-datacenter.sh > discovered-hosts.txt

9. Check the file contents

cat discovered-hosts.txt Host name of 10.64.0.10 is wcappcvcs1.westcoastlab.com Host name of 10.64.1.11 is wcaventail_vip.westcoastlab.com Host name of 10.64.1.10 is us-wc-ntp1.westcoastlab.com Host name of 10.64.1.14 is wctempaventail1.westcoastlab.com Host name of 10.64.0.12 is wcnetappfw-em1.westcoastlab.com Host name of 10.64.0.13 is wcdce2ksw1.westcoastlab.com Host name of 10.64.7.1 is wcdcrm1vl212.westcoastlab.com

(output omitted)

Even though this process might seem involved, the whole process only comprises:

1. Run the python script to pull the "sh arp" from the core router of the Data-Center.

2. Run these four commands:

• If IOS --- cat sh-arp-config.txt | grep ^"Internet"| awk {'print $2'} | sed -e 's/^/resolveip /' > discover-hosts-in-datacenter.sh

Or command below if NXOS - then final three commands

• cat sh-arp-config.txt | grep "^[1-2]" | awk {'print $1'} | sed -e 's/^/resolveip /' > discover-hosts-in-datacenter.sh

• sed -i '1s/^/#!\/bin\/sh\n/' discover-hosts-in-datacenter.sh

• chmod 755 discover-hosts-in-datacenter.sh

• ./discover-hosts-in-datacenter.sh > discovered-hosts.txt

About a 5 minute process, once you have it down. This would be regardless if you have 5 hosts or 300 hosts in your ARP table output

That's it!

Stay tuned for more creative ways to use the NDNA program....

Best Regards,

Brett M. Spunt, CCIE No. 12745