nmap ping scan doesn’t populate arp cache

This drove me absolutely bats**t mental. I couldn’t understand why running an nmap -sP (locally attached subnet) as root hit all the available hosts, but didn’t populate the local arp cache when you looked at the output of arp -a.

It seems that the -sP parameter (ping only) doesn’t hit the required level of the OS stack to populate the cache, even when running as root, so the required steps are:

1) Ensure that you can run nmap as root via sudo to allow raw socket capability.
2) Add the --send-ip option to the nmap command. This will ensure that the command uses raw sockets and populates the ARP table.


nmap -sP -n --send-ip

Then you will see that the ARP table is updated with:

/sbin/arp -a

The reason I needed this was because I had to enhance the network mac/ip/dns resolution script to use local ARP entries. Without this option, the hosts are shown as up but the OS arp table never gets updated.

Beware that if you run nmap -sP as an unprivileged user, it’s almost useless as it targets TCP port 80 (according to the man page) rather than using ICMP echoes.

Apparently, fping has an option to support this (-g), but I rarely see it installed as part of a standard build.

Basic BGP Peering Reports via Shell Script/Cron

We want to poll a large number of PE routers to check the status of peerings to our customers. This means grabbing the bgpPeerStates from each router and then putting everything into a single summary email. The script below will accomplish this; however, note that the description is only for each router, NOT for each peer. A future revision may fix this, but for the time being it’s not getting any more complicated than this…



[networkops@nettools ~]$ ./bgpreport
| NODE       | Description                                        | Peer IP         | State        |
| | BGP Test RTR 1                                     |      | up           |
| | BGP Test RTR 2                                     |      | up           |

An HTML version of the script can also be run from cron to email an HTML version of this report to recipients.


HP NNMi Connection Editor

As there’s no easy way to add or delete links from the NNMi GUI, and some people are averse to editing XML files, here is a simple connection editor to generate the XML required. If you’re logged in as a normal user, you should run nnmsetcmduserpw.ovpl to save a load of hassle with inputting the username and password each time or having to run things under root via sudo.

From 9.22 onwards, it seems that nnmconnedit.ovpl doesn’t like reading files in folders that aren’t owned by root (such as home dirs) – weird!

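/tmp works fine though, hence the location the generated files are saved to. On a shared host, bear in mind that /tmp is world-writable and the file name is predictable, so confirm the file is a regular file owned by you before passing it to nnmconnedit.ovpl.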

This will also allow you to deal with problematic “cloud” connections (usually from FDB discovery) by specifying more than 2 endpoints.

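#!/bin/bash
# XML Corrections file builder for NNMI
# sol@subnetzero.org

# Per-user output file in /tmp (nnmconnedit.ovpl will not read from home dirs)
OUTFILE="/tmp/connections_$(id -un).xml"

# ASSUMPTION: the element names inside <connectionedits> (connection, operation,
# node, interface) are reconstructed; check them against your NNMi version.
XML="<connectionedits>"

# Prompt for one connection and append it to $XML
defineconn() {
   OPER=""
   CONNS=0
   ELEM=1

   while [ -z "$OPER" ]; do
      printf "[a]dd or [d]elete? "
      read -r RESP
      case $RESP in
         a)      OPER="add";;
         d)      OPER="delete";;
         *)      echo "Unknown option.";;
      esac
   done
   echo "operation: $OPER"

   while [ "$CONNS" -eq "0" ]; do
      printf "Number of endpoints (default 2)? "
      read -r CONNS
      case $CONNS in
         [2-9])  echo "Endpoints set to $CONNS";;
         *)      CONNS=2 ;
                 echo "Endpoints set to $CONNS";;
      esac
   done
   echo "operation: $OPER"

   XML="$XML
  <connection>
    <operation>$OPER</operation>"

   # One node/interface pair per endpoint
   while [ "$ELEM" -le "$CONNS" ]; do
      printf "     Node%s:" "$ELEM"; read -r NODE
      printf "Interface%s:" "$ELEM"; read -r INTF
      XML="$XML
    <node>$NODE</node>
    <interface>$INTF</interface>"
      ELEM=$(( ELEM + 1 ))
   done

   XML="$XML
  </connection>"
}

# Starts here

echo " *** NNMI Connection Edit XML Generator *** "
defineconn

while [ -z "$FINISHED" ]; do
   printf "define another? (y/n): "; read -r YESNO
   case $YESNO in
      y|Y)    defineconn;;
      n|N)    FINISHED=true;;
      *)      echo "Aborting"; exit 1;;
   esac
done

printf "Closing connectionedits tag\n"
XML="$XML
</connectionedits>"

echo "$XML" > "$OUTFILE"
echo "Completed. XML is written to $OUTFILE"
echo "Run /opt/OV/bin/nnmconnedit.ovpl -f $OUTFILE"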

Example output, deleting a connection that was decommissioned.

[sol@nnmi-server ~]$ nnmiconntool
 *** NNMI Connection Edit XML Generator ***
[a]dd or [d]elete? d
operation: delete
Number of endpoints (default 2)?
Endpoints set to 2
operation: delete
define another? (y/n): n
Closing connectionedits tag
Completed. XML is written to /tmp/connections_sol.xml
Run /opt/OV/bin/nnmconnedit.ovpl -f /tmp/connections_sol.xml
[sol@nnmi-server ~]$  /opt/OV/bin/nnmconnedit.ovpl -f /tmp/connections_sol.xml
Connection 1 was successfully deleted.

[sol@nnmi-server ~]$

Lottery Number Picker

Simple lottery picker. We run 49 iterations, appending the value of $RANDOM to each, then sort by the $RANDOM field (2), pick out the top 6, sort numerically and print out on a single line.

There are a tonne of different ways to do this but this was the one I settled on. Still not convinced how “random” $RANDOM is as you can sometimes see some patterns if you run a load of iterations close together. :)

#!/bin/bash
# UK Lottery number picker.
for i in `seq 1 49`
do
   # Tag each number with a random sort key
   echo "$i $RANDOM"
done | sort -k2,2n | head -6 | sort -n | awk '{printf "%2s ",$1}END{printf "\n"}'

[sol@testbox ]$ ./lottery
 4  5 22 28 29 34
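
For comparison, an added example (not the author's script): bash's $RANDOM is a 15-bit value (0 to 32767) from a non-cryptographic generator, so this variant draws from /dev/urandom and uses rejection sampling to avoid modulo bias. The function names rand_upto and pick are made up for this example.

```shell
#!/bin/sh
# Added example: draw lottery numbers from the kernel CSPRNG instead of $RANDOM.

# Print one unbiased integer in 1..$1 (rejection sampling on a 16-bit value).
rand_upto() {
  # Largest multiple of $1 that fits in 16 bits; values at or above it are redrawn
  limit=$(( 65536 - 65536 % $1 ))
  while :; do
    r=$(od -An -N2 -tu2 /dev/urandom | tr -d ' ')
    [ "$r" -lt "$limit" ] && break
  done
  echo $(( r % $1 + 1 ))
}

# Print $1 distinct numbers from 1..$2, sorted, on a single line.
pick() {
  picked=" "
  n=0
  while [ "$n" -lt "$1" ]; do
    c=$(rand_upto "$2")
    # Skip a number that has already been drawn
    case "$picked" in *" $c "*) continue;; esac
    picked="$picked$c "
    n=$(( n + 1 ))
  done
  # Word splitting of $picked is intentional: one number per line for sort
  printf '%s\n' $picked | sort -n | awk '{printf "%2s ",$1} END {printf "\n"}'
}

pick 6 49
```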

Resolve MAC addresses to Port, IP and DNS Name

Resolving MAC address to port, IP and DNS or name service name (or more simply for some, resolve mac to name) is a challenge that every network engineer has come across at some point in their career. It’s easily solved with a bit of thought and logic. Unfortunately, the past few products I’ve dealt with for this purpose have either been abandoned or aren’t as multi-vendor as I’d like, so it seems that the only solution is to write your own… bash and expect is sufficient.

If you’re thinking about doing this (and it’s a great learning exercise), you need to get around the following:

– Determining which interfaces are trunks on the switches so you can strip those MAC entries out (CDP works quite well)
– Converting ARP and MAC info into a “clean” format (eg: CatOS and IOS output is a different format)
– Detecting the fields across various pieces of hardware as display output isn’t always consistent for the same commands
– Inconsistent logins/passwords
– Correlating the IP/MAC/Interface information together. This can be done with the UNIX join command and some awk/sed
– What you do with MACs that don’t resolve to an IP address (I include a flag to print these if required)
– Whether the machine you run DNS queries on will be able to resolve the IPs to PTR records
– If using expect, stripping out stray characters (eg \r) that will mess up your greps and other string searches
– Add plenty of debugging so you can quickly tell why something isn’t working properly

I used expect to go and grab the ARP, CDP and MAC information seeing as you can’t get all the required information from SNMP on many devices these days. In my case, this results in the following type of output:

Switch       Interface       VLAN  MAC             IP               DNSName
nycsw12      Fa3/10          100   0060.b0aa.0000    NO_DNS
nycsw12      Fa2/16          99    1060.4b61.0001     nyc-pc573.company.corp.
nycsw12      Fa2/37          101   1060.4b64.0002    nyc-pc555.company.corp.
nycsw12      Fa2/42          101   1060.4b68.0003   nyc-pc572.company.corp.
nycsw12      Fa2/45          98    1060.4b6a.0004     nyc-pc588.company.corp.
nycsw12      Fa2/32          98    1060.4b6a.0005    nyc-pc601.company.corp.
nycsw12      Fa3/3           100   2c41.389e.d19f    nyc-pc480.company.corp.
nycsw13      Fa2/4           100   5c26.0a01.0ac4    nyc-pc246.company.corp.
nycsw13      Fa2/6           100   6c3b.e531.2ddf    nyc-pc745.company.corp.

Of course, you can always just use Excel to do a VLOOKUP of your mac-address table output against a sorted table containing all your arp entries, but that’s a bit less automatic.
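
The clean-up and join steps from the list above, as an added example rather than the author's script: it strips the \r left by expect, normalises both MAC notations to one key, drops trunk ports, and joins the switch MAC table against `arp -a` output, with an "all" flag to keep MACs that have no ARP entry. The sample data is constructed (192.0.2.0/24 is a documentation range, trunk port Gi1/1 is hypothetical), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: correlate switch MAC-table rows with ARP entries by MAC.
export LC_ALL=C   # sort and join must agree on collation

# awk helper: any MAC notation -> 12 lowercase hex digits
NORM='function norm(m) { gsub(/[^0-9A-Fa-f]/, "", m); return tolower(m) }'

# stdin: "arp -a" output. stdout: "mac ip", sorted on mac.
arp_keyed() {
  tr -d '\r' | awk "$NORM"'
    $3 == "at" && length(norm($4)) == 12 {
      ip = $2; gsub(/[()]/, "", ip); print norm($4), ip }' | sort -k1,1
}

# stdin: IOS-style MAC table captured via expect (CRLF line ends).
# $1 = switch name, $2 = space-separated trunk ports to ignore (e.g. from CDP).
# stdout: "mac switch port vlan", sorted on mac.
mac_keyed() {
  tr -d '\r' | awk -v sw="$1" -v trunks=" $2 " "$NORM"'
    length(norm($2)) == 12 && index(trunks, " " $4 " ") == 0 {
      print norm($2), sw, $4, $1 }' | sort -k1,1
}

# $1 = mac_keyed file, $2 = arp_keyed file, $3 = "all" keeps MACs with no ARP entry.
correlate() {
  if [ "$3" = "all" ]; then
    join -a 1 -e NO_IP -o 1.2,1.3,1.4,1.1,2.2 "$1" "$2"
  else
    join -o 1.2,1.3,1.4,1.1,2.2 "$1" "$2"
  fi
}

demo() {  # $1 = "all" or empty; runs the pipeline on constructed sample data
  d=$(mktemp -d) || return 1
  printf '%s\n' \
    '? (192.0.2.48) at 2c:41:38:9e:d1:9f [ether] on eth0' \
    '? (192.0.2.46) at 5C:26:0A:01:0A:C4 [ether] on eth0' \
    '? (192.0.2.99) at <incomplete> on eth0' | arp_keyed > "$d/arp"
  printf '%s\r\n' \
    'Vlan    Mac Address       Type        Ports' \
    ' 100    2c41.389e.d19f    DYNAMIC     Fa3/3' \
    ' 100    0060.b0aa.0000    DYNAMIC     Fa3/10' \
    ' 100    5c26.0a01.0ac4    DYNAMIC     Gi1/1' | mac_keyed nycsw12 'Gi1/1' > "$d/mac"
  correlate "$d/mac" "$d/arp" "$1"
  rm -rf "$d"
}

demo all
```

Output columns are switch, port, VLAN, MAC and IP; a DNS lookup on the last column would add the name field.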