bob_11
Engaged Sweeper III
I have found this to be a great custom action. You will need two programs to make this work. First is psexec from pstools. Second is tcpdump.exe; you can Google it. It says it's a trial version, but it keeps working.

SYNTAX:

cmd.exe /K "{actionpath}psexec.exe \\{ipaddress} -c -f {actionpath}tcpdump.exe -i 3 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000 | findstr "Device-ID Address Port-ID Platform" & {actionpath}psexec \\{ipaddress} cmd /c DEL c:\Windows\System32\tcpdump.exe"

What this does is copy the tcpdump file to a remote computer, and then it generates CDP packets (Cisco Discovery Protocol) that will communicate with the directly connected switch that the remote computer is connected to.

It will give you the name of the switch that you are connected to and what port the computer is plugged in to, along with the switch model. This is a great feature for a messy network with little documentation.

Note: you might need to tweak the tcpdump settings a little if the computer has multiple NICs. It will work on Windows 2000, Win XP, 7, Server 2003 and Server 2008, and works 99% of the time.

You could also avoid using psexec a second time in the above statement and just have DEL c:\Windows\System32\tcpdump.exe, as you are already psexec'ed in to the computer.

I hope everyone likes it. Feel free to leave some thanks 🙂
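An added example, not part of the original post: a minimal Python parser showing why the capture filter ether[20:2] == 0x2000 selects CDP frames and where the Device-ID, Port-ID and Platform values that findstr keeps sit inside the frame. The sample frame is constructed, and its switch name, port and model are made up.

```python
import struct

# CDP TLV type codes for the text fields the thread's findstr filter keeps.
TLV_NAMES = {0x0001: "Device-ID", 0x0003: "Port-ID", 0x0006: "Platform"}

def is_cdp(frame: bytes) -> bool:
    """Same test as the capture filter ether[20:2] == 0x2000:
    bytes 20-21 of an 802.3 LLC/SNAP frame hold the SNAP protocol ID."""
    return len(frame) >= 26 and frame[20:22] == b"\x20\x00"

def parse_cdp(frame: bytes) -> dict:
    """Return the text TLVs of one CDP frame; a malformed TLV ends parsing."""
    if not is_cdp(frame):
        raise ValueError("not a CDP frame")
    fields = {}
    pos = 26  # 14 Ethernet + 8 LLC/SNAP + 4 CDP header (version, TTL, checksum)
    while pos + 4 <= len(frame):
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        # The length covers the 4-byte TLV header; reject short or overrunning TLVs.
        if tlv_len < 4 or pos + tlv_len > len(frame):
            break
        name = TLV_NAMES.get(tlv_type)
        if name:
            fields[name] = frame[pos + 4:pos + tlv_len].decode("ascii", "replace")
        pos += tlv_len
    return fields

def tlv(tlv_type: int, value: bytes) -> bytes:
    """Build one TLV for the constructed sample."""
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def sample_frame() -> bytes:
    """Constructed sample frame; the checksum is left at zero, not computed."""
    body = (bytes([2, 180]) + b"\x00\x00"          # version 2, TTL 180 s, checksum
            + tlv(0x0001, b"SW-FLOOR2")
            + tlv(0x0003, b"GigabitEthernet0/14")
            + tlv(0x0006, b"cisco WS-C2960-24TT-L"))
    llc_snap = b"\xaa\xaa\x03" + b"\x00\x00\x0c" + b"\x20\x00"  # LLC, Cisco OUI, CDP
    eth = bytes.fromhex("01000ccccccc") + bytes.fromhex("001122334455")
    return eth + struct.pack("!H", len(llc_snap) + len(body)) + llc_snap + body

if __name__ == "__main__":
    for key, val in parse_cdp(sample_frame()).items():
        print(f"{key}: {val}")
```
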




8 REPLIES 8
FrankW
Engaged Sweeper III
Works like a charm, thx for the great work!!! 🙂
bob_11
Engaged Sweeper III
I have created a modified version that will use a batch file instead of just one command... I did this because I noticed that a lot of my servers weren't mapping as they should, because I was statically mapping the interface I was using, like I explained to FrankW ((my own advice caught up with me)). So what this does is run the command tcpdump.exe -D on the remote computer; this will give you a list of interfaces found on that computer. You will be prompted to enter 1 - X. You can reference the wake on LAN interface if you don't know which interface is active. Then it will take your response and append it in the batch file, and will get the desired port's info.

the custom action command is
cmd.exe /K "{actionpath}PortMapper.bat {actionpath} {ipaddress} {actionpath} {actionpath} {ipaddress}"


You will want to place this inside the batch file PortMapper.bat

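@echo off
REM Arguments: %1, %3, %4 = action path; %2, %5 = target IP address

REM Stop any tcpdump.exe left running on the target by an earlier run
%1psexec.exe \\%2 taskkill /F /IM tcpdump.exe

REM Copy tcpdump.exe to the target and list its capture interfaces
%1psexec.exe \\%2 -c -f %3tcpdump.exe -D

REM Show the target's adapter details to help pick the active interface
%1psexec.exe \\%2 ipconfig /all

:input
set INPUT=
echo.
echo.
echo.
set /P INPUT=Type Interface: %INPUT%

REM Capture one CDP frame on the chosen interface, then delete the copied tcpdump.exe
%1psexec.exe \\%2 -c -f %3tcpdump.exe -i %INPUT% -nn -v -s 1500 -c 1 ether[20:2] == 0x2000 | findstr "Device-ID Address Port-ID Platform" & %4psexec \\%5 cmd /c DEL c:\Windows\System32\tcpdump.exe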



And that should solve the issue with some computers not working and others working.
bob_11
Engaged Sweeper III
You are getting that error because you have more than one adapter or virtual adapters. So you will need to choose a different adapter; look at my other posts. I have referenced the tcpdump documentation

http://www.lansweeper.com/forum/yaf_postst6608_Remote-Packet-capture-GREAT-Custom-Action.aspx

This will explain the syntax; the key is -D.

If you just type tcpdump -D it will list the adapters. This will allow you to see the active adapter.

To make this dynamic so it works with all computers, you will need to pass that error into a batch file that has an if statement comparing the error and then move to the next adapter.
FrankW
Engaged Sweeper III
That's a very useful custom action, thanks!

I'm only having a problem with my DELL computers; I always get the message "invalid adapter index". But it works with the Fujitsu machines we have.
Since I'm not used to tcpdump, is there anyone around that could help me with that problem?

thanks 🙂
bob_11
Engaged Sweeper III
Yes, it does work in a Dell environment, as we have around 500 OptiPlex 990s. There are a few things that can be happening. First, you might not be waiting long enough to receive back CDP packets. I have seen it vary a lot: sometimes I get a response back in 3 seconds, other times it takes 30-40 seconds; it all matters. Second, since these are CDP packets that are being simulated, CDP will need to be enabled on your switches or router, at least while you run these tests. Then you can disable it as needed, as it is a security risk. We also work mostly off of Dell servers and it works great... There are a few that give me issues, but I just run them again and poof. I hope that helps.
snigah
Engaged Sweeper II
Hi Bob 11,

Great action. Do you know if it's possible to use it in a Dell environment? It doesn't seem to work here.

BR
bob_11
Engaged Sweeper III
Yes, it is a trial as I stated, but it's a 180 day trial, which is more than enough to map your entire network... And use sql cmd to input the info into the Lansweeper database, all via custom actions 🙂 Mission accomplished. Only thing I need now is custom action reports...

And if you don't want to use MicroOLAP's trial you can always use WinPcap's rcap, which is similar.. Hell, WinDump should do the trick as well
Jono
Champion Sweeper II
Hey bob 11,

This is a great idea; thanks for posting it. Unfortunately, the Tcpdump is way too pricey for my budget. There is a trial period, but the license agreement requires that it be purchased if it's used past the trial.

Jono