
3. Additional Data


NP-View and NP-Live can import data from third-party systems to enrich the analysis. The data files below are supported. They can be imported manually using drag and drop or, if using NP-Connect, imported automatically from a shared network drive. Import configuration files first, or together with the additional data files; otherwise a system error will occur. If additional data is imported after the configuration files, custom views will not be regenerated with the new data until updated configuration files are processed.


Once network device configuration files have been imported, one can also import a hostname file to add additional hosts to the topology map and asset inventory. The hostname file is a simple text file with two columns: IP address and hostname, separated by a tab.  For example:    host0    host1   server0
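A pre-import check for the hostname file described above, as an added example that is not NP-View or NP-Live code. The function name, the hostname syntax rule and the duplicate-IP check are assumptions made for illustration; the sample addresses are constructed from the RFC 5737 documentation range.

```python
import ipaddress
import re

# RFC 1123-style label check; an assumption, the page does not state hostname rules.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def lint_hostname_file(text):
    """Return (entries, problems) for a two-column, tab-separated hostname file."""
    entries, problems, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue  # ignore blank lines
        cols = line.split("\t")
        if len(cols) != 2:
            hint = " (spaces used instead of a tab?)" if "\t" not in line else ""
            problems.append(f"line {lineno}: expected 2 tab-separated columns, got {len(cols)}{hint}")
            continue
        ip_text, host = cols[0].strip(), cols[1].strip()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            problems.append(f"line {lineno}: {ip_text!r} is not a valid IP address")
            continue
        if not all(_LABEL.match(label) for label in host.split(".")):
            problems.append(f"line {lineno}: {host!r} is not a valid hostname")
            continue
        if ip in seen:
            problems.append(f"line {lineno}: {ip} already mapped to {seen[ip]!r} on an earlier line")
            continue
        seen[ip] = host
        entries.append((str(ip), host))
    return entries, problems

# Constructed sample input; hostnames echo the page's example.
SAMPLE = (
    "192.0.2.10\thost0\n"
    "192.0.2.11\thost1\n"
    "192.0.2.12 server0\n"      # space instead of tab
    "192.0.2.300\tserver1\n"    # octet out of range
    "192.0.2.10\thost2\n"       # duplicate IP
)

if __name__ == "__main__":
    entries, problems = lint_hostname_file(SAMPLE)
    for ip, host in entries:
        print(f"{ip}\t{host}")
    for p in problems:
        print("PROBLEM:", p)
```

Running the check before import catches the space-for-tab mistake, which is otherwise invisible in most editors.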

Address Resolution Protocol (ARP)

The output of the show arp command on a router / switch can be imported into a workspace to create new nodes and associate MAC addresses. The file should include the prompt with the hostname of the device from which the command was executed and the command itself (show arp). For example:

<hostname># show arp
  outside d867.da11.00c1 2
  inside 000c.295b.5aa2 21
  inside 000c.2933.561c 36
  inside 000c.2ee0.2b81 97

Additionally, running arp -a > arp_table.txt on a Windows computer writes the ARP table to a text file.

Interface: --- 0x6
  Internet Address      Physical Address      Type
                        88-3d-24-76-49-f2     dynamic
                        50-dc-e7-4b-13-40     dynamic
                        1c-fe-2b-30-78-e5     dynamic
                        8c-04-ba-8c-dc-4d     dynamic

Netstat for process list

The output of the Netstat command on Windows and Linux can be saved to a text file and then imported into a workspace. Service information will be extracted from the Netstat output file and added to the host attribute. The flags to use for the Netstat command are:

  • On Windows: netstat -abon
  • On Linux: netstat -atunp

Netstat for routes / route table dump

The command netstat -rn can provide a list of routes that can be parsed by NP-View and NP-Live. The output of the command show route on Cisco devices can also be parsed. It is important to name the files that include the output of those commands after the hostname of the device where the command was issued (for example: {hostname}.txt). This will enable NP-View and NP-Live to associate the route information with the proper device.

Network and vulnerability scanners: Nmap / Rapid 7 Nexpose / Tenable Nessus

The output from network and vulnerability scanners can be imported into a workspace to add new hosts and port information to the topology map and host attributes. The supported scanners are: Nmap (nmap -oX), Nexpose, and Nessus. Save the report in XML format so that it imports properly into NP-View or NP-Live.

Network tracing

Network tracing logs (PCAP) are useful for troubleshooting issues related to network connectivity. These logs can be obtained from Wireshark. On Linux, the tcpdump utility can be used to collect them. These files can be imported into a workspace and displayed on a per-device basis.
