MRTG / SWITCH resolving switch mac address to IP

Question

I am using MRTG to log the traffic.

Recently, I saw something not very kosher from our file server which sends data out for 16 hours.

Our File Server is in the cloud. It has a 25mbps to 50mbps connection to the internet. Sending data to anywhere directly would make much more sense, than this case, to take the data into the local network, and send the data back out to somewhere else.

I have the Mac address for that switch port on MRTG: 64-51-06-c3-ef-e3 Is there anyway I can get MRTG to resolve the IP address attached to that switch port (assuming there is only one device on that port)?

I have an HP2920 Switch using MRTG 2.17.4 The file server & user environment here are Windows. But I have a Debian 7 server that I can use if there are commands that can be issued.

Please help. Thank you

Michael

Am I missing something? Is my math wrong? That looks like less than 2 MB of traffic transferred over 16 hours. — joeqwerty, Dec 02 '16 at 18:36
you're not missing much. It's just mind boggling that I'm not able to know what is going on. — Michael Chang, Dec 02 '16 at 19:02

score 0 · Answer 1 · answered Dec 05 '16 at 03:16

You can look at the arp tables and see if you find the MAC address in there.

Here is an example:

$ cat /proc/net/arp
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         5c:b0:66:02:27:d1     *        wlp6s0
10.0.0.24        0x1         0x2         00:90:a9:3c:a8:b6     *        wlp6s0
10.0.0.100       0x1         0x2         00:10:75:35:82:c2     *        wlp6s0
10.0.0.251       0x1         0x2         cc:6d:a0:09:0b:bd     *        wlp6s0

MRTG / SWITCH resolving switch mac address to IP

1 Answers1