Notes:
TraceMAC is a Windows command-line traceroute tool that allows you to trace a specific MAC address
thru Cisco switches in a large Layer2 network. It works by connecting to a switch using
SSH, SNMP, Telnet, HTTP or HTTPS do some "show commands" and later process the output, this will
happen recursively until it find the switch where that MAC address (PC/Printer/Etc)
is directly connected.
You can search using a IP address or a MAC address. The script is automatically detecting if the
input query is a MAC or not. If a IP/Hostname is used than the script should be run from a PC that
is on the same VLAN/Subnet with that IP/Hostname, because is trying to get the MAC address by using
PING and ARP. Anyway, if the target IP/Hostname is not in the same VLAN/Subnet, the script will use
another method to get the MAC address over Layer3 using NETBIOS scan (UDP-137), but if the target
is not a Windows PC or is protected with a firewall will not work!
Important:
It works with Cisco switches only and you must have CDP enable at least on trunks/links between switches!
Please notice that this script always enter 'y' to skip SSH key accept for switches where the SSH key is
not already stored in cache! and if you don't have the command "no ip domain-lookup" on your switches it
will take more time! Also is recommended to add the script location to the system PATH, to be able to
start it without going to its directory...
Warning:
Don't use Plink v0.62 because it has a issue if the SSH user/password are not correct.
Plink doesn't close the connection from the first access denied error message, but let the script enter
all show commands as passwords :( Anyway, the login user should be valid all the time! ;)
Login:
This script requires a recommended 'privilege level 1' account for switch login
Please edit 'tracemac_cfg.ini' to change the username/password local account or ACS.
Is tested with Cisco SW: 2960, 3560, 3750, 4948, 6509, Express 500
I hope you enjoy this release.
For any request and bugs please contact me by email at "ninix20 {monkey tail} gmail {dot} com"
Changes:
v0.4 - 29/Jun/2012
*Add support for SNMP versions 1 and 2c
*Improve the code
v0.3 - 28/Mar/2012
*Fix the error for Telnet protocol with Plink
*Add the http and https protocols with Wget for switches like Express 500 (this one has no console/telnet/ssh, only web access)
*Add optional different username/password for http/https
*Add the possibility to use multiple protocols and if one fails it goes automatically to the next one. ssh,telnet,http,https
*Add error management for Plink/Wget
*Add option to show/hide multiple errors when multi protocols is used
*The package contains all the necessary tools: Plink, Wget, Gawk, Nbtscan - (This is the reason for 546k)
*Improve the code and fix some minor issues
v0.2 - 07/Mar/2012 (unpublished)
*Allow you to set a default Switch inside the configuration file, so you don't need to enter the switch IP/Hostname
all the time this can be overwritten by using a second parameter in the command line Ex: 'tracemac x.x.x.x <SW_IP>'
*Automatically detects if the input query is a MAC address or a IP/Hostname, so no "-m" parameter required
*Add MAC scan method by using NETBIOS for Layer3 detection (Optional, default DISABLED)
*Add all the configuration in one single file "tracemac_cfg.ini"
*The package contains all the necessary tools: Plink, Gawk, Nbtscan - (This is the reason for 300k)
*Improve the code and fix some minor issues
v0.1 - 22/Aug/2011 (unpublished)
*Command line tool used to trace a mac address in a Layer2 environment (Cisco SW)
*Supports only SSH (Telnet from 0.3)
Download Latest Version
tracemac-windows-v0.9.zip (1.8 MB)
