RE: Physical ports in IOS

["Ramsdell, Scott" <sramsdell () stinsonmoheck com>]

Eduardo,

On a 6500, the command is "sho cam <MAC>" with the MAC in the format
xx:xx:xx:xx:xx:xx

This will give you the port that the MAC shows up on.

Next, you will want to make sure the MAC isn't on a trunk port, coming
in from another switch.

So, you: "sho cdp neigh <port> /details"

If you get an IP in the "details" report above, the MAC is on a
different switch.  Telnet to the IP of the switch and use "sho cam" if
it's a 65xx, or "sho mac".

Best Regards,
Scott Ramsdell

-----Original Message-----
From: Eduardo Espina [mailto:eduardomx () gmail com] 
Sent: Wednesday, June 14, 2006 3:27 PM
To: Luis Gutierrez
Cc: pen-test () securityfocus com
Subject: Re: Physical ports in IOS

Hi,

Thanks for the tip, I forgot to say, i'm in a Cisco Catalyst 6500 with
IOS 12.1(8b) and there's no sh mac-address-table command available. I do
have the enable password, show privilege give me level 15. All
references to interfaces are to Vlan# but no physical ports anyway.

Is there a separate port for switch configuration and router
configuration?, i have other Cisco devices for testing and i found the
show mac-adress-table useful, but with IOS 12.4. Is it a problem with
IOS version?

Thanks,
Eduardo.

On 6/14/06, Luis Gutierrez <lgutierrez () foxhollowtech com> wrote:
> Here is a sample of how to do it:
>
> 740S3C22#sh ip arp xx.xx.xx.56
>
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  xx.xx.xx.56             1   0011.434c.8b43  ARPA   Vlanxx
>
>
> 740S3C22#sh mac add add 0011.434c.8b43
>
> Unicast Entries
>  vlan   mac address     type        protocols               port
> -------+---------------+--------+---------------------+---------------
> -------+---------------+--------+---------------------+--
> ---
>   xx    0011.434c.8b43   dynamic ip
> GigabitEthernet6/1
>
>
> -luis
>
>
> -----Original Message-----
> From: Eduardo Espina [mailto:eduardomx () gmail com]
> Sent: Tuesday, June 13, 2006 7:21 PM
> To: pen-test () securityfocus com
> Subject: Physical ports in IOS
>
> Hi,
>
> I'm pen-testing a network and i've already gained access to a Cisco 
> switch in certain VLAN; i'm stucked in getting a SPAN port in the 
> physical port where i'm attached or changing that port to a different 
> VLAN; "show interfaces fastethernet" doesn't work, and "show 
> interfaces" just output the MAC address of the VLAN, but i can't find 
> the way to correlate IP (mine) with the physical port (Fa0/3 i.e.).
>
> Some idea?
>
> Thanks,
> Eduardo.
>
> ----------------------------------------------------------------------
> --
> ------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the 
> Analyst's Choice Award from eWeek. As attacks through web applications

> continue to rise, you need to proactively protect your applications 
> from hackers. Cenzic has the most comprehensive solutions to meet your

> application security penetration testing and vulnerability management 
> needs. You have an option to go with a managed service (Cenzic 
> ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download 
> FREE whitepaper on how a managed service can help you: 
> http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm 
> your results from other product. Contact us at request () cenzic com for 
> details.
> ----------------------------------------------------------------------
> --
> ------

------------------------------------------------------------------------
------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's Choice Award from eWeek. As attacks through web applications
continue to rise, you need to proactively protect your applications from
hackers. Cenzic has the most comprehensive solutions to meet your
application security penetration testing and vulnerability management
needs. You have an option to go with a managed service (Cenzic
ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download
FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm
your results from other product. Contact us at request () cenzic com for
details.
------------------------------------------------------------------------
------
 
 
This communication is from a law firm and may contain confidential and/or privileged information. If it has been sent 
to you in error, please contact the sender for instructions concerning return or destruction, and do not use or 
disclose the contents to others.

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------