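#!/bin/sh
# arpextract.sh by Michael J. Martin Version 1.34 12-05-04
#
# Fetches the ARP table from a Cisco IOS based switch over SSH ("sh arp")
# and prints it, or saves it to a report file, either as an IP-to-ARP table
# or as a list of active IP hosts.
#
# CLI Values:
#   $1 = user    (SSH login name, or -h for the help text)
#   $2 = host    (switch to query)
#   $3 = flag    (-i, -ir, -a or -ar)
#   $4 = search  (optional grep pattern used to filter the ARP table)
#
# Outputs:
#   -a / -i    results on stdout
#   -ar / -ir  a dated report file in the current directory; -ar with a
#              search pattern also writes arpresolv.txt for ARP-Lookup.pl
#
# Exit status: 0 on success, 1 on a usage or collection error.

set -u

# Print an error on stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Reduce a CLI value to characters that are safe inside a file name, so a
# host or search pattern containing "/" cannot steer a report outside the
# current directory.
safe_name() {
  printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# Print the collected ARP rows: all of them, or only those matching $search.
# The pattern is passed with -e and quoted so it is always treated as a
# pattern, never as extra grep options or file names.
select_rows() {
  if [ -n "$search" ]; then
    grep -e "$search" "$ARPDATA"
  else
    cat "$ARPDATA"
  fi
}

# Reduce ARP rows on stdin to "IP MAC" pairs, dropping incomplete entries.
# NOTE(review): "sort -t +1.13" is kept exactly as the original wrote it. It
# looks like obsolete "+POS" key syntax placed where -t expects a separator
# character; confirm the intended sort key and that the local sort accepts it.
ip_arp_columns() {
  awk '{print $2 " " $4 | "sort -t +1.13" }' | grep -v "Incomplete"
}

# Reduce ARP rows on stdin to the IP column only (same sort caveat as above).
ip_column() {
  awk '{print $2 | "sort -t +1.13" }' | grep -v "Incomplete"
}

# Page the formatted dump, then copy it to ./$1 in the current directory.
save_report() {
  more "$ARPDUMP"
  cp "$ARPDUMP" "./$1" || die "Cannot write report ./$1"
}

user=${1:-}
[ -n "$user" ] || die "No username has been specified"

if [ "$user" = "-h" ]; then
  cat <<'EOF'

Arpextract.sh fetches via SSH RCMD the ARP table off a Cisco IOS based
switch to build ARP and Active IP Host reports to the CLI or reportfile.
VTY Banners must be disabled for data extraction and reporting to function
properly.

Command Syntax:

Extract the active IP address table = -i
Extract IP active address table to a report = -ir
Extract IP and ARP address table = -a
Extract IP active and ARP address table to a report = -ar

For best results run activehosts.sh prior to running this script.

EOF
  exit 0
fi

host=${2:-}
flag=${3:-}
search=${4:-}

[ -n "$host" ] || die "No host been specfied"
[ -n "$flag" ] || die "No report flag has been specfied"

# A user or host that begins with "-" would be parsed by ssh as an option
# rather than as a login name or destination, so refuse it up front.
case $user in
  -*) die "Username must not begin with '-'" ;;
esac
case $host in
  -*) die "Host must not begin with '-'" ;;
esac

# Validate the flag before connecting, so a typo does not cost a login.
case $flag in
  -a | -ar | -i | -ir) ;;
  *) die "Unknown report flag: $flag" ;;
esac

# Work files live in a private mktemp directory instead of fixed names in
# the current directory, and are removed on every exit path.
tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/arpextract.XXXXXX") ||
  die "Cannot create temporary directory"
cleanup() {
  rm -rf -- "${tmpdir:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

ARPDATA=$tmpdir/arptmp
ARPDUMP=$tmpdir/arpdump.txt

# Connect to switch and dump the ARP table.
# Success is judged by whether any data arrived; the ssh exit status is
# only reported in the failure message.
ssh -l "$user" "$host" sh arp > "$ARPDATA"
ssh_status=$?
if [ ! -s "$ARPDATA" ]; then
  die "No ARP data was collected from $host (ssh exit status $ssh_status)"
fi
echo "Collection Complete."

stamp=$(date +%m-%d-%y)
host_tag=$(safe_name "$host")
search_tag=$(safe_name "$search")

case $flag in
  -a)
    # Dump IP -> ARP database to CLI
    if [ -n "$search" ]; then
      printf '%s\n' "IP to ARP Database for $search on $host"
    else
      printf '%s\n' "IP to ARP Database for $host"
    fi
    select_rows | ip_arp_columns
    ;;

  -ar)
    # Dump IP -> ARP database to a report
    echo "Formatting Data..."
    if [ -n "$search" ]; then
      report="${search_tag}-ARPdump-${host_tag}-${stamp}.txt"
      select_rows | ip_arp_columns > "$ARPDUMP"
      printf '%s\n' "ARP Table for $search on $host Completed..."
      save_report "$report"
      # Sorted copy consumed by ARP-Lookup.pl.
      sort "./$report" > arpresolv.txt
      printf '%s\n' \
        "Report Saved as $report. Created arpresolv.txt for ARP-Lookup.pl"
    else
      report="ARPdump-${host_tag}-${stamp}"
      # Without a search pattern the table header row is present; drop it.
      select_rows | ip_arp_columns | grep -v "Address" > "$ARPDUMP"
      printf '%s\n' "ARP Table for $host Completed..."
      save_report "$report"
      printf '%s\n' "Report Saved as $report"
    fi
    ;;

  -i)
    # Extract IP Host Table from ARP database to CLI
    printf '%s\n' "Active IP Hosts extracted from the ARP Database on $host"
    if [ -n "$search" ]; then
      # NOTE(review): this branch prints IP and MAC, unlike the other -i
      # and -ir paths which print the IP only. Kept as in the original;
      # confirm whether ip_column was intended here.
      select_rows | ip_arp_columns
    else
      # Drop the header row, keep the IP column, discard the final line.
      select_rows | grep -v "Address" | awk '{print $2}' | sed '$d'
    fi
    ;;

  -ir)
    # Extract IP Host Table from ARP database to a report
    echo "Formating Data..."
    select_rows | ip_column | grep -v "Address" > "$ARPDUMP"
    if [ -n "$search" ]; then
      report="${search_tag}-IPdump-${host_tag}-${stamp}.txt"
      printf '%s\n' "Active IP Host Table for $search on $host Completed..."
    else
      report="IPdump-${host_tag}-${stamp}"
      printf '%s\n' "Active IP Host Table for $host Completed..."
    fi
    save_report "$report"
    printf '%s\n' "Report Saved as $report"
    ;;
esac

exit 0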