Notes:
TraceMAC is a Windows/Linux command-line traceroute tool that allows you to trace a specific MAC address
through Cisco switches in a large Layer 2 network. It works by connecting to a switch using
SSH, SNMP, Telnet, HTTP or HTTPS, running some "show" commands and then processing the output; this
happens recursively until it finds the switch where that MAC address (PC/Printer/Etc.)
is directly connected.
You can search using an IP address or a MAC address. The script automatically detects whether the
input query is a MAC or not. If an IP/Hostname is used, the script should be run from a PC that
is on the same VLAN/Subnet as that IP/Hostname, because it tries to get the MAC address by using
PING and ARP. If the target IP/Hostname is not in the same VLAN/Subnet, the script can use
another method to get the MAC address over Layer 3 through an external device (it connects to it via SSH) such as a
Cisco Router/Layer 3 Switch/PIX/ASA or a Linux Router/Firewall. The Windows version of this script
can also use a NETBIOS scan (UDP port 137) to detect the MAC address, but if the target is not a Windows PC or is
protected by a firewall, this will not work!
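As an added illustration (not code from the TraceMAC package), the recursion described above run over constructed "show mac address-table" and CDP neighbor data: it includes the MAC-vs-IP input check and the rule of only following CDP neighbors that are switches. The switch names, ports and command output are made up.

```python
import re
# Cisco (hhhh.hhhh.hhhh), colon and dash MAC forms only; a dotted-quad IP must never match.
MAC_RE = re.compile(r"^(?:[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
                    r"|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})$", re.IGNORECASE)

def is_mac(query):
    """True only for a well-formed MAC, so '192.168.123.123' is treated as an IP/hostname."""
    return bool(MAC_RE.match(query.strip()))

def to_cisco_mac(mac):
    """Normalise any accepted form to hhhh.hhhh.hhhh, as printed by 'show mac address-table'."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def port_for_mac(mac_table_output, mac):
    """Parse 'show mac address-table address <mac>' output; return the port or None."""
    for line in mac_table_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].lower() == mac:
            return fields[-1]
    return None

def switch_neighbor(cdp_neighbors, port):
    """CDP neighbor on 'port' only if its capability codes include 'S' (Switch); routers ('R') and IP phones ('H P M') are not followed."""
    entry = cdp_neighbors.get(port)
    return entry[0] if entry and "S" in entry[1].split() else None

def trace_mac(switches, start, mac, visited=None):
    """Hop switch to switch from 'start' until the MAC sits on a port with no downstream switch; returns (switch, port) or None."""
    visited = visited or set()
    visited.add(start)
    port = port_for_mac(switches[start]["mac_table"], mac)
    if port is None:
        return None
    nxt = switch_neighbor(switches[start]["cdp"], port)
    if nxt in switches and nxt not in visited:  # 'visited' guards against loops
        return trace_mac(switches, nxt, mac, visited)
    return (start, port)

# Constructed sample command output for two hypothetical switches (not real devices).
SWITCHES = {
    "sw-core": {
        "mac_table": "Vlan    Mac Address       Type        Ports\n  10    0011.2233.4455    DYNAMIC     Gi1/0/48\n",
        "cdp": {"Gi1/0/48": ("sw-access", "S I"), "Gi1/0/1": ("edge-rtr", "R")},
    },
    "sw-access": {
        "mac_table": "  10    0011.2233.4455    DYNAMIC     Gi0/7\n",
        "cdp": {"Gi0/1": ("sw-core", "S I"), "Gi0/7": ("SEP-phone", "H P M")},
    },
}
```

Calling trace_mac(SWITCHES, "sw-core", to_cisco_mac("00:11:22:33:44:55")) follows the uplink to sw-access and stops at Gi0/7 because the CDP neighbor there is an IP phone, not a switch.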
Important:
It works with Cisco switches only, and you must have CDP enabled at least on the trunks/links between switches!
It is recommended to add the script location to the system PATH, so you can run it without changing to its folder.
Warning (Windows only):
Don't use Plink v0.62 because it has an issue when the SSH user/password are not correct.
Plink doesn't close the connection on the first "access denied" error message, but lets the script enter
all the show commands as passwords :( So the login user should be valid all the time! ;)
Login:
* > This script supports multiple protocols used to connect to Cisco switches in order
to extract the required information, so please edit the file 'tracemac_cfg.ini'
according to your needs;
* > It can also try to connect to a switch in multiple ways if the first protocol
fails, by switching to another protocol (for more info check the config file);
* > For SSH/Telnet, a 'privilege level 1' account is recommended;
* > For HTTP/HTTPS use an account with privilege level 15, if privilege 1 fails;
* > SNMP versions 1 and 2c require a read-only 'community string';
* > SNMP version 3 requires a read-only SNMPv3 username;
Tested with Cisco Catalyst switches: 2960, 3560, 3750, 4948, 6509, 9200, 9300, 9500 (all protocols)
Nexus: C9332C, 93180YC-EX (NX-OS, SSH)
Express 500 (HTTP)
I hope you enjoy this release.
For any requests and bug reports please contact me by email at "ninix20 {monkey tail} gmail {dot} com"
Changes:
v0.8 - 23/May/2022
*Show MAC address vendor using http://standards.ieee.org/regauth/oui/oui.txt (offline file)
*Add support for finding a MAC address assigned to the switch itself (Interface Vlan). SSH/Telnet/HTTP(S)
v0.7 - 08/Dec/2021
*Update CLI commands to support Nexus devices (NX-OS)
*Update AWK script to support Nexus devices (NX-OS)
*Fix an issue with SSH in the Linux version (stty: standard input: Inappropriate ioctl for device)
v0.6 - 04/Dec/2021
*Update Plink to the latest version (v0.76) in order to support the latest cryptographic features
*Update CLI commands to support Catalyst 9200, 9300, 9500
*Update AWK script to support Catalyst 9200, 9300, 9500
*Add the option 'SSH_SLOW_START_ONLY' to use the Plink delay only for a defined list of devices (no more waiting)
*Fix the Plink + Pageant issue by disabling the use of Pageant in all Plink SSH connections.
*Fix CTRL+C break for Windows. Skip question "Terminate batch job (Y/N)?"
*Check the package integrity for Windows at start (check that all its files are in the right place)
v0.5 - 09/Mar/2013
*Add support for Linux (Bash script. Requires: nc,wget,ssh,snmp-tools,awk)
*Add support for SNMP version 3 ('noAuthNoPriv', 'authNoPriv' and 'authPriv')
*Add support for multiple SNMP strings for versions 1/2c (declare an array of community strings)
*Add a new option (in config) to solve an issue with Plink on some devices (check SSH_SLOW_START in the config file)
*Add a new method (optional) to detect the MAC address by using an external device (Cisco Router/L3 SW/PIX/ASA or Linux machine)
*Add automatic escaping of passwords for Windows and Linux (in Windows batch double quotes can't be used; on Linux anything is allowed).
*Add options to customize the timeout/retry values for all the tools used by the script
*Add more info (interface description) from the interface where the MAC was found
*Add more info at start (optional) showing how the MAC address was discovered (this is more for debugging)
*Add more info (optional) showing which protocol was used to connect to the switches (this is more for debugging)
*Fix for Plink. I've replaced 'y' with 'n' to skip the SSH key accept prompt (new switch, or a key different from the one stored in the cache)
It will no longer trigger 'Translating "y"...domain server (x.x.x.x)' if you have the command "ip domain-lookup" on your switches (no more waiting)
*Fix an ugly bug: 192.168.123.123 was automatically detected as a MAC address ;))
*Fix for the next-hop SW by excluding devices that speak CDP but are not switches (like Routers/IP Phones/etc.)
*Major code improvements
v0.4 - 29/Jun/2012
*Add support for SNMP versions 1 and 2c
*Improve the code
v0.3 - 28/Mar/2012
*Fix the error for Telnet protocol with Plink
*Add the HTTP and HTTPS protocols with Wget for switches like the Express 500 (this one has no console/telnet/ssh, only web access)
*Add optional different username/password for http/https
*Add the possibility to use multiple protocols; if one fails it automatically goes to the next one: ssh, telnet, http, https
*Add error management for Plink/Wget
*Add an option to show/hide multiple errors when multiple protocols are used
*The package contains all the necessary tools: Plink, Wget, Gawk, Nbtscan - (This is the reason for 546k)
v0.2 - 07/Mar/2012 (unpublished)
*Allow you to set a default switch inside the configuration file, so you don't need to enter the switch IP/Hostname
all the time; this can be overridden by using a second parameter on the command line. Ex: 'tracemac x.x.x.x <SW_IP>'
*Automatically detects whether the input query is a MAC address or an IP/Hostname, so no "-m" parameter is required
*Add MAC scan method by using NETBIOS for Layer3 detection (Optional, default DISABLED)
*Add all the configuration in one single file "tracemac_cfg.ini"
*The package contains all the necessary tools: Plink, Gawk, Nbtscan - (This is the reason for 300k)
*Improve the code and fix some minor issues
v0.1 - 22/Aug/2011 (unpublished)
*Command-line tool used to trace a MAC address in a Layer 2 environment (Cisco SW)
*Supports only SSH (Telnet from v0.3)