3. Additional Data
NP-View and NP-Live can import data from third-party systems to enrich the analysis. The data files listed below are supported. They can be imported manually using drag and drop or, when using NP-Connect, automatically from a shared network drive.
Hostname
Once network device configuration files have been imported, one can also import a hostname file to add additional hosts to the topology map. The hostname file is a simple text file with two columns, IP address and hostname, separated by a tab. For example:
192.168.0.10	host0
192.168.0.11	host1
192.168.0.100	server0
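A hand-edited hostname file often ends up with spaces instead of a tab or with a mistyped address, so it is worth checking before import. The following Python check is an added example, not part of NP-View or NP-Live; the function name check_hostname_file, the RFC 1123 hostname rule and the conflicting-address check are assumptions made here, and the sample input is constructed.

```python
import ipaddress
import re

# Assumption: RFC 1123-style names; the page does not say which characters
# the import accepts in a hostname.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")


def check_hostname_file(text):
    """Return (entries, problems): entries maps IP -> hostname for valid
    lines, problems lists (line_number, message) for rejected ones."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines carry no mapping
        fields = line.split("\t")
        if len(fields) != 2:
            problems.append((lineno, "expected two tab-separated columns"))
            continue
        ip_text, name = (f.strip() for f in fields)
        try:
            ip = str(ipaddress.ip_address(ip_text))
        except ValueError:
            problems.append((lineno, f"invalid IP address {ip_text!r}"))
            continue
        if not HOSTNAME_RE.match(name):
            problems.append((lineno, f"invalid hostname {name!r}"))
        elif entries.get(ip, name) != name:
            problems.append((lineno, f"{ip} already mapped to {entries[ip]!r}"))
        else:
            entries[ip] = name
    return entries, problems


# Constructed sample: the three hosts from the example above, then three
# deliberately malformed lines.
SAMPLE = (
    "192.168.0.10\thost0\n"
    "192.168.0.11\thost1\n"
    "192.168.0.100\tserver0\n"
    "192.168.0.12 host2\n"      # space instead of tab
    "192.168.0.300\thost3\n"    # octet out of range
    "192.168.0.10\tprinter0\n"  # conflicts with line 1
)

if __name__ == "__main__":
    entries, problems = check_hostname_file(SAMPLE)
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```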
Show ARP
The output of the show arp command on a router or a switch can be imported into a workspace to create new nodes and associate MAC addresses. The file should include the prompt with the hostname of the device from which the command was executed and the command itself (show arp):
<hostname># show arp
outside 10.0.0.100 d867.da11.00c1 2
inside 192.168.1.10 000c.295b.5aa2 21
inside 192.168.1.12 000c.2933.561c 36
inside 192.168.1.14 000c.2ee0.2b81 97
Netstat for process list
The output of the Netstat command on Windows and Linux can be saved to a text file and then imported into a workspace. Service information will be extracted from the Netstat output file and added to the host attribute. The flags to use for the Netstat command are:
- On Windows: netstat -abon
- On Linux: netstat -atunp
Netstat for routes / route table dump
The command netstat -rn can provide a list of routes that can be parsed by NP-View and NP-Live. The output of the command show route on Cisco devices can also be parsed. It is important to name the files that include the output of those commands after the hostname of the device where the command was issued (for example: {hostname}.txt). This will enable NP-View and NP-Live to associate the route information with the proper device.
Network and vulnerability scanners: Nmap / Nexpose / Nessus / Qualys
The output from network and vulnerability scanners can be imported into a workspace to add new hosts and port information to the topology map and host attributes. The supported scanners are: Nmap (nmap -oX), Nexpose, Nessus, and Qualys. Reports must be saved in XML format in order to be imported into NP-View or NP-Live.
Network tracing
Network tracing logs (PCAP) are useful for troubleshooting issues related to network connectivity. These logs can be obtained from the Wireshark software. On Linux, the tcpdump utility can be used to collect them. These files can be imported into a workspace and displayed on a per-device basis.