- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hello,
I am hoping someone may be able to help me out here. Thanks in advance.
I have a cluster of 6200 devices. I have a netgear switch which is connected to one of the interfaces but I do not know the IP address of the switch. Is it possible to determine the IP Address of the switch if I have the MAC address of the switch please? I have performed an arp -a but I could not see the MAC address of the device.
Many thanks.
Are you sure that Switch even have an IP? It might be that it does not. Why not to look on the switch itself?
Thanks Val, I tried the default IP address of the switch with no luck.
Connect console, look locally on the switch. It may not have ANY IP address to begin with.
if you are referring to the switch management IP, running lldpneighbors in expert mode might help.
Thanks Guy, I tried lldpneighbors but it did not work. I got lldpneighbors couldn't connect to the OpenLDP transport socket. Is lldpd running?
My cluster is running on R80.40
Unfortunately LLDP is support from R81.
Do you see different results if you ping the broadcast address of the subnet first?
This is not something I tried myself, but what about using tcpdump to see if you can capture lldp packets on the wire?
This certainly looks promising - https://medium.com/@getGroovy/lldp-packet-sniffing-38f999e733fa
There will be two ways to determine the management IP address of the switch: active and passive. Passive depends on the switch emanating some identifying information such as CDP or LLDP. My Max Power 2020 book covered how to capture CDP and/or LLDP traffic if it is there; the techniques are listed below. The switch should always emanate BPDUs for Spanning Tree purposes and you will be able to see these frames in a capture, but they do not contain Layer 3 information such as an IP address to my knowledge. Ensure that any capture you run is allowed to execute for at least 60 seconds.
As far as active techniques, as Chris said you can try pinging the network broadcast address like this: ping -b 192.168.1.255; then check your ARP cache with arp -an to see if the switch IP has showed up. You can also try ping -b -I (interfacename) 255.255.255.255. But some devices won't answer a broadcast ping for whatever reason, so you could run something like this then check the ARP cache afterward:
#!/bin/sh
CNTR=1
while [ $CNTR -lt 254 ]
do
ping 192.168.1.$CNTR -c 1 -t 1 -n
CNTR=$(( $CNTR + 1 ))
done
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY