RE: MAC address detection

From: Mckenney, Stephen E <McKenneyStephenE@uams.edu>
Date: 11/28/05
Message-ID: <590F08A18A72AF46917BF721E6476B5C05299288@EXCHANGE2.ad.uams.edu>

This is something we also need. However, we need to be able to perform
this using a partial MAC address, allowing us to find anything made by a
particular company; for example, 00A000******.

Thank You
Eric McKenney

-----Original Message-----
From: owner-traffic-management@inmon.com
[mailto:owner-traffic-management@inmon.com] On Behalf Of Neil McKee
Sent: Saturday, November 26, 2005 11:20 AM
To: Mike Zanker
Cc: sflow traffic management ML
Subject: Re: [traffic-management] MAC address detection

Mike,

ITS version 5 will make this kind of thing quite straightforward,
because custom-reports can be scheduled to run quite frequently. In the
meantime, if you need to do this with ITS version 4, I think the
simplest way to do it is probably with a small script. You can build
the query URL you want using Query->Other->Interface Traffic, and
then use it with wget(1). The script can be scheduled with cron(1)
to run periodically, and it can generate an event just by writing a
file into the appropriate directory.

Below is a roughly thrown-together example that might serve as a
starting point. Hope this helps.

regards,
neil

------------------------------------------------------------------------
#!/bin/bash
# example script to look for traffic from a given MAC address.
# To have this script run every 5 minutes, make it executable using
# "chmod +x", and submit a cron entry like this:
#
# echo "*/5 * * * * /path/to/this/script > /dev/null" | crontab "-"
SEARCHMAC='000480603600';
# query the last 5 minutes using Query->Other->Interface Traffic.  Filter
# with filterProtocol=MAC and set the sourceAddress filter to the one
# we are looking for.  grep the output to see if it appeared.
FOUND=`wget -q -O- "http://demo.inmon.com/its/query/Monitor?filterProtocol=MAC&sourceAddress=$SEARCHMAC&intervals=1&intervalSize=5&resultField=time%2CsourceAddress&resultFormat=csv&resultProtocol=MAC&action=query" | grep -c "$SEARCHMAC"`;
echo "FOUND=$FOUND";
# post an event into the ITS event directory
#
POSTEVENTS="/usr/local/inmon/server/events/testForMAC.$$.up"
#if [ "$FOUND" = "1" ]; then
#    echo "::inform:status:mac:up::::mac=$SEARCHMAC" > $POSTEVENTS;
#fi

On Nov 23, 2005, at 12:26 PM, Mike Zanker wrote:
> Hello,
>
> is it possible to configure InMon to alert when it sees a specific MAC
> address?
>
> Thanks,
>
> Mike.
Received on Mon Nov 28 07:32:48 2005
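
The partial-MAC request at the top of this thread can be met by filtering the CSV result on the client side, anchored to the start of the address so that a vendor prefix never matches in the middle of another MAC. The following is an added example, not code from the thread or from InMon: it assumes CSV rows of "time,sourceAddress", the per-MAC event file name is an assumption, and the sample rows are constructed.

```shell
#!/bin/bash
# Added example: flag every source MAC from one vendor (OUI prefix) in CSV
# query output. Assumes rows of "time,sourceAddress", per the resultField
# setting in the script quoted in the thread.

# Strip separators, quotes and CRs, then upper-case the hex digits.
normalize_mac() {
    printf '%s' "$1" | tr -d ':."\r-' | tr 'a-f' 'A-F'
}

# match_oui PREFIX: read CSV on stdin and print each distinct source MAC that
# starts with PREFIX (e.g. 00A000 or 00:a0:00), one per line.
match_oui() {
    local prefix mac _time addr _rest
    prefix=$(normalize_mac "$1")
    # Accept only 1-12 hex digits so the prefix is never treated as a pattern.
    case "$prefix" in
        ''|*[!0-9A-F]*|?????????????*) echo "bad prefix: $1" >&2; return 2 ;;
    esac
    while IFS=, read -r _time addr _rest; do
        mac=$(normalize_mac "$addr")
        # Skip headers and malformed rows: a MAC is exactly 12 hex digits.
        case "$mac" in *[!0-9A-F]*) continue ;; esac
        [ "${#mac}" -eq 12 ] || continue
        case "$mac" in "$prefix"*) printf '%s\n' "$mac" ;; esac
    done | sort -u
}

# post_events DIR: read MACs on stdin and write one event file per MAC,
# reusing the event line from the thread's script. The per-MAC file name is
# an assumption of this example. Prints the number of events written.
post_events() {
    local dir=$1 mac count=0
    while read -r mac; do
        echo "::inform:status:mac:up::::mac=$mac" > "$dir/testForMAC.$mac.$$.up"
        count=$((count + 1))
    done
    echo "$count"
}

# Constructed sample rows, not real query output.
SAMPLE_CSV='time,sourceAddress
2005-11-28 07:25,00A000112233
2005-11-28 07:25,000480603600
2005-11-28 07:26,00:a0:00:44:55:66
2005-11-28 07:27,00A000112233
2005-11-28 07:28,0000A0001122'
printf '%s\n' "$SAMPLE_CSV" | match_oui 00A000
```

The last sample row contains 00A000 in the middle of the address and is correctly ignored, which a plain grep for the prefix would not do.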

This archive was generated by hypermail 2.1.8 : 11/28/05 PST