SonicWall ARP Cache Logs Part 2

After doing a bit of testing with different SonicWall devices, I’ve noticed that on some models the paramiko authentication fails. It appears this occurs because the copyright notification is displayed after username is entered and prior to the password prompt. Running debug logs with paramiko, the logs show that paramiko registers the SonicWall copyright notification as a successful authentication but since the SonicWall is still expecting a password the user never successfully authenticates. If there is a solution to this issue I have not been able to find it. Since I want to be able to run these scripts from a Windows system it was also not feasible to try to run an SSH client using pexpect. For SonicWall devices for which the paramiko authentication fails, I’ve written a script using pywinauto and Putty. To set this up I first followed the steps listed below to set up Putty:

  1. I copied the Putty executable to the same folder that will hold the Python file to make referencing the file location simple.
  2. I set up a saved session within Putty for each firewall that I would be connecting to so I could easily reference each session by name. I also set the Putty option to always close the window when Putty exits.
  3. bputty

  4. When setting up the saved Putty session I also saved custom logging options for each session, these logs will be saved when the script runs and in a future post I’ll go over various options for parsing and reviewing the information.
  5. bputty2

Once I finished the Putty setup I wrote the script below to log into the firewalls and export the ARP cache. Just as in the previous post, I am using keyring for password storage. Using keyring on Windows means the passwords will be stored in the Windows Credential Vault. Before you can reference credentials, you will need to set up the credentials. You can set up keyring credetials as follows:

import keyring
keyring.set_password(service_name, username, password)

You can then reference the credetials in your script using the “service_name” and “username”. Below is the script that runs Putty to connect to SonicWall devices to export the ARP cache.

import pywinauto
import time
import keyring

app = pywinauto.Application().Start(cmd_line='putty.exe -load test2')   #test2 is the name of the putty saved session
putty = app.Putty
putty.TypeKeys(keyring.get_password('p1',"admin"))  #keyring service_name and username
putty.TypeKeys("no {SPACE} cli {SPACE} pager {SPACE} session")  #run this to show ARP cache records without paging
putty.TypeKeys("show {SPACE} arp {SPACE} cache")

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s