Real World Example: Determining an APC battery backup IP Address with tcpdump

While not overly complicated, we ran into a problem at work the other day relating to an APC battery backup unit. The unit in question was an APC Symmetra PX. The problem was that it was connected to the network, but we didn’t know what the IP address of the unit was. Nor did we know whether, or what, the unit was communicating to the other computers on the network. We could not change the configuration of this unit, but we needed to get into the web GUI for maintenance purposes.

Thus started our short adventure. There are many tools that can complete this task, but being a Linux enthusiast, I chose tcpdump on a Debian laptop. We plugged the laptop into the hub that the APC was on, which then went on to a network switch and a bunch of computers, etc. The entire network is on 192.168.2.1/24, so I set my laptop to 192.168.2.211, as there was no DHCP server. Oddly enough, everything was set statically when this was set up, which is part of the reason that we didn’t know what everything was.

I disconnected the Ethernet link from the hub to the switch, so only my laptop and the APC were on the hub. Then I opened up a terminal and:

$ su
# tcpdump -i eth0 -tl

This removes the time stamp (-t) and line-buffers the output (-l), so each packet is printed as soon as it is seen and I don't miss anything.

This, however, produced way too much traffic, so I then used:

# tcpdump -i eth0 ip and not net 127.0.0.1 -tl | grep -v 192.168.2.211

This kept loopback traffic out of the capture, and the grep dropped every line that mentioned the laptop's own address.

There was only one candidate left: 192.168.2.45. So, hooking everything back up, I could then watch what the APC was doing.

# tcpdump -i eth0 src 192.168.2.45 -tl

And there was the answer: the APC (192.168.2.45) was sending a packet of information every 45 seconds or so to a host called the ET-Client, which was 192.168.2.5.

So, disconnecting my laptop, and double-checking that all of the wiring was proper, I then went to the ET-Client host computer and voilà! Using the web browser I could connect to http://192.168.2.45 and was greeted by the login prompt.

Fortunately we were able to figure out the password and now have a viable means to communicate with the APC unit from the host computer within the system.
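
As an added example (not from the original post), the isolation step can also be done with a small shell function instead of grep -v: it tallies senders by the source field of each line, so a device that only sends ARP still shows up and packets addressed to the laptop are not hidden. It assumes tcpdump is run with -n for numeric addresses; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the senders seen in `tcpdump -tln` text output.
# Live use (interface name assumed):
#   tcpdump -i eth0 -tln | candidate_sources 192.168.2.211

# candidate_sources OWN_IP
# Reads tcpdump lines on stdin and prints "count address" for each IPv4
# sender other than OWN_IP, busiest first. Understands IP lines and ARP
# lines ("tell X" in requests, "X is-at" in replies); skips everything else.
candidate_sources() {
    awk -v own="$1" '
        # Reduce an "a.b.c.d.port:" token to "a.b.c.d".
        function addr(tok,    n, p) {
            sub(/:$/, "", tok)
            n = split(tok, p, ".")
            return (n >= 4) ? (p[1] "." p[2] "." p[3] "." p[4]) : ""
        }
        $1 != "IP" && $1 != "ARP," { next }   # IPv6, STP, etc.
        $1 == "IP" { src = addr($2) }
        $1 == "ARP," {
            src = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "tell")  { src = $(i + 1); sub(/,$/, "", src) }
                if ($i == "is-at") { src = $(i - 1) }
            }
        }
        src != "" && src != own { seen[src]++ }
        END { for (a in seen) print seen[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of what the isolated hub might show (not a real capture).
sample_capture() {
    cat <<'EOF'
IP 192.168.2.211.51514 > 192.168.2.255.137: UDP, length 50
ARP, Request who-has 192.168.2.5 tell 192.168.2.45, length 46
IP 192.168.2.45.1025 > 192.168.2.5.1026: UDP, length 64
IP6 fe80::1 > ff02::1: ICMP6, router advertisement, length 56
IP 192.168.2.45.1025 > 192.168.2.5.1026: UDP, length 64
EOF
}

sample_capture | candidate_sources 192.168.2.211   # prints: 3 192.168.2.45
```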

Linux – keep it simple.
