1

I could see connected device information on user interface of network switch. Is it possible to query the switch for its ARP table using command line or PowerShell?

Following details were added after third comment and first two answers had been written.

Suppose that we have a subnet whose center is a switch, Linux and Windows based computers are connected to the switch. Let us assume we have a Windows computer in the network, and we have intended to send data packet to another computer in the subnet. Consequently, we need to know its address.

At this point, I tried to send PING request towards broadcast IP address of the network in order to exploit arp command of Windows, yet none of hosts responded me. That is, our computer`s ARP table was not refreshed by new entries. Probably, modern Linux and Windows based systems do not support broadcast property of computer networks because of valid security reasons.

That is why, I have thought of fetching ARP table of the switch to host via host`s command shell.

Improve this question
3
  • 1
    Sorry but this question can't be answered. There are great many switches from different manufacturers - so let's start by Which switch are we talking about? Personally I'm not aware of any Windows commands that can directly query a switch this way. You should look into SSH and SNMP. Please don't answer in a comment, but edit your question instead. Please add also more details on how exactly you want to achieve this - do you want to just use a command, or script? Do you need the table stored somewhere? Etc... the more details, the better the advice.
    – Peregrino69
    Commented Feb 11, 2023 at 16:23
  • I do not think so due to the fact that neither Windows commands nor PowerShell cmdlets depend upon hardware manufacturer.
    – STEEL
    Commented Feb 12, 2023 at 4:21
  • Are you specifically looking for an ARP table, and not the bridge MAC table? Most switches won't have anything more than 1 or 2 devices in their ARP table.
    – grawity_u1686
    Commented Feb 12, 2023 at 14:21

1 Answer 1

Reset to default
0

Querying information from a network device requires the device to have a management interface in the first place. This means that an unmanaged device cannot be queried at all.

There are 3 management interfaces: command line, GUI and SNMP. If the device has a serial interface, one can connect a computer directly to that to access the CLI. On remote devices CLI is accessed with SSH or telnet; latter being strongly discouraged for security reasons. GUI interfaces are browser-based.

Which interfaces are available for a device is (or at least should be) found in the device specifications. Soho routers generally have only a GUI, but CLI may be available for some devices. SNMP is extremely rare.

A network device is just a computer designed to perform very specific tasks. Like any computers, they have operating systems designed by the manufacturer. Cisco IOS, ArubaOS, ExtremeXOS, Juniper OS etc. differ in the same way as any other computer OS:s. Cisco IOS doesn't recognize ArubaOS commands.

SNMP is the protocol every network management application uses to manage devices. There are 3 more or less incompatible versions - for example a switch having only SNMPv1 interface cannot be queried with SNMPv2c at all.

To manage the devices SNMP uses Object Identifiers (OID). These have a standardized structure, beginning with the string 1.3.6.1.4.1. This is read:

1     iso - ISO is the name of the group that launched the OID standard 
.3   org - Organization specified next to this figure 
.6   dod - The US Department of Defense 
.1   internet - Determines that communication will be through the internet 
.4 private - States that the device is manufactured by a private company 
.1 enterprise - States that the manufacturer is an enterprise

Next element in the string is the Private Enterprise Number (PEN) which identifies the manufacturer. These are assigned by IANA. For example for Cisco devices the string begins 1.3.6.1.4.1.9, for HP devices it's 1.3.6.1.4.1.11, for Intel devices 1.3.6.1.4.1.343 and so on.

There are a few command line SNMP implementations. Net-SNMP and OpenSNMP are pretty much industry standards. Using them has a few hurdles beyond the protocol version:

  • How to implement SNMP in a device is entirely on the discretion of the manufacturer. An object present on ACME GreatSwitch 2000 may not be implemented in ACME GS 1000; an object present on ACME GS 2000 running ACMEOS 42 may not be available in ACMEOS 41 or 43.
  • While there are some online repositories like OID Info and OiDView, they aren't reliable. Updating them with available OIDs and MIBs is entirely up to the discretion of the manufacturer. Up-to-date info is only available from the manufacturers

... just to name two.

Due to aforementioned reasons it's simply impossible to have a simple command in the vein of query switch arp table. Someone has created an SNMP cmdlet for PowerShell. However just like every other command line SNMP implementation it requires knowledge of available OIDs and how to utilize them.

Improve this answer
2
  • You are right: I had to give more details, and I have done it! Please re-assess this question.
    – STEEL
    Commented Feb 13, 2023 at 7:45
  • Your original question is "can I query a switch ARP table using Windows cmd or PowerShel". I think that's pretty thoroughly answered, tho' I hope @Hackoo updates his answer a bit :-) Isn't more appropriate question now "How can I find the IP addresses of other devices in the network"? If yes, you should choose the best answer to close this and ask a new question. Personally I wouldn't try pinging broadcast address, not all systems respond. I'd run a simple ping sweep instead.
    – Peregrino69
    Commented Feb 13, 2023 at 10:03

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .