AANTS - scraper, mactrapper, macwatch, and other NetWatch Foundation Tools

This document attempts to demystify the AANTS physaddrwatch, mactrapper and catwatch tools, which work behind the scenes to populate the AANTS NetWatch database.

Scraping of IPv4 and IPv6 MAC address associations

Historically, we had a set of scripts that pulled the IPv4 ARP and IPv6 Neighbor Discovery tables (and IPX, and AppleTalk, for that matter) off of campus routers via SNMP. Due to scaling issues with SNMP, in particular that the protocol requires lexicographical ordering, as the campus network grew in became increasingly infeasible to use SNMP and an approach to use screen scraping of ssh was employed. For some period of time there were tools such as physaddrwatch, physaddrwatch_v6, banphysaddrwatch, and such. These tools have all now been migrated to using the scraper framework which shells out to each router to collect this data. Accordingly there are a set of "processor" scripts that read in this data from the file and perform the appropriate inserts into the database tables used by netwatch.

Scraping of switch port MAC address associations

macwatch

macwatch is a script which connects to every access switch several times an hour and parses the show mac address-table command output from the CLI which shows the MAC addresses learned for every port and stores this information in a database along with the time the MAC address was last seen on a specific port. Data is only stored for ports which opt-in using a tag stored in the interface description, EdgeConf managed ports enable this flag by default. This process doens't use the SNMP standard for polling to reduce the CPU load on the switches and improve performance, although the E911 gateway does perform it's own collection of the same data using SNMP at a slower cadence for locating phones.

mactrapper

mactrapper is a utility that receives MAC change notification traps from Cisco switches. We enable real-time notifications from the switches to enable faster database updates, NetWatch searches should show a near-real-time view of the network. It is the passive companion to the macwatch utility, which does occasional active polling of devices, so we aren't reliant entirely on unreliable push notifications.

See Also


Keywords:
aants, NetWatch, physaddrwatch, mactrapper, macwatch, banaddrwatch, tool, tools, script, scripts, database 
Doc ID:
5291
Owned by:
Mark T. in Network Services
Created:
2007-01-15
Updated:
2026-04-29
Sites:
DoIT Help Desk, Network Services, Systems & Network Control Center, Systems Engineering