查找服务器对应交换机端口

Netkiller Cisco IOS 手札

netkiller?Neo Chan

2009-12-12

版权 ? 2009, 2010, 2011 Neo Chan

转载请与作者联系，转载时请务必标明文章原始出处和作者信息及本声明。

文档出处:?http://netkiller.sourceforge.net/?|?http://netkiller.github.com

文档最近一次更新于?Tue Nov 29 11:45:42 UTC 2011

下面是我多年积累下来的经验总结，整理成文档供大家参考:

Netkiller Architect 手札	Netkiller Linux 手札	Netkiller Developer 手札	Netkiller Database 手札
Netkiller Debian 手札	Netkiller CentOS 手札	Netkiller FreeBSD 手札	Netkiller Shell 手札
Netkiller Web 手札	Netkiller Monitoring 手札	Netkiller Storage 手札	Netkiller Mail System 手札
Netkiller MySQL 手札	Netkiller LDAP 手札	Netkiller Security 手札	Netkiller Version 手札
Netkiller Intranet 手札	Netkiller Cisco IOS 手札	Netkiller Writer 手札	Netkiller Studio Linux 手札

当你空降到一家新公司，一般情况下都是，工作一团乱麻，前任迫不及待的等待工作交接或者工作转移，

等着你去救火，如果工作井然有序，公司也不能去招聘新人。

所有当你看到一团乱麻的网络与服务器，束手无策，你想重新整理，又不能影响现有业务。

怎样快速寻找交换机端口对应的服务器。我使用过很多方法（不能中断网络，所有不能使用寻线设备），开始show arp

show mac地址表，寻找对应关系，比较麻烦。

后来想到CDP协议，采用tcpdump 抓包，可以快速看到服务器插在那个交换机端口上。

$ sudo tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000'[sudo] password for neo:tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes13:51:31.825893 CDPv2, ttl: 180s, checksum: 692 (unverified), length 375        Device-ID (0x01), length: 7 bytes: '4A3750G'        Version String (0x05), length: 182 bytes:          Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)          Copyright (c) 1986-2007 by Cisco Systems, Inc.          Compiled Thu 19-Jul-07 19:15 by nachen        Platform (0x06), length: 23 bytes: 'cisco WS-C3750G-24TS-1U'        Address (0x02), length: 13 bytes: IPv4 (1) 193.168.0.254        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet1/0/15'        Capability (0x04), length: 4 bytes: (0x00000029): Router, L2 Switch, IGMP snooping        Protocol-Hello option (0x08), length: 32 bytes:        VTP Management Domain (0x09), length: 3 bytes: 'xiu'        Native VLAN ID (0x0a), length: 2 bytes: 11        Duplex (0x0b), length: 1 byte: full        AVVID trust bitmap (0x12), length: 1 byte: 0x00        AVVID untrusted ports CoS (0x13), length: 1 byte: 0x00        Management Addresses (0x16), length: 13 bytes: IPv4 (1) 193.168.0.254        unknown field type (0x1a), length: 12 bytes:          0x0000:  0000 0001 0000 0000 ffff ffff1 packets captured1 packets received by filter0 packets dropped by kernel

$ sudo tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000' | grep GigabitEthernet[sudo] password for neo:tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes        Port-ID (0x03), length: 21 bytes: 'GigabitEthernet1/0/15'1 packets captured1 packets received by filter0 packets dropped by kernel

运行命令后显示

Port-ID (0x03), length: 21 bytes: 'GigabitEthernet1/0/15'

?这个就是交换机对应的端口

在每个服务器上创建一个脚本port.sh

tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000' | grep GigabitEthernet

然后批量执行

for ip in {23..32} {49,50,53,54} {81..92} {121..127}; do rsh [email protected]$ip port.sh & done &

查寻服务器对应交换机端口

Netkiller Cisco IOS 手札

netkiller?Neo Chan