3. Additional Data
NP-View and NP-Live can import data from third party systems to enrich the analysis. The below data files are supported and can manually be imported using drag and drop or if using NP-Connect, files can automatically be imported from a shared network drive. Import configuration files first or with additional data files or a system error will occur. If additional data is input after configuration files, custom views will not be regenerated with the new data until updated configuration files are processed.
Hostname
Once network device configuration files have been imported, one can also import a hostname file to add additional hosts to the topology map and asset inventory. The hostname file is a simple text file with two columns: IP address and hostname separate by a tab. For example:
192.168.0.10 host0 192.168.0.11 host1 192.168.0.100 server0
Address Resolution Protocol (ARP)
The output of the show arp command on a router / switch can be imported into a workspace to create new nodes and associate MAC addresses. The file should include the prompt with the hostname of the device from which the command was executed and the command itself (show arp). For example:
<hostname># show arp outside 10.0.0.100 d867.da11.00c1 2 inside 192.168.1.10 000c.295b.5aa2 21 inside 192.168.1.12 000c.2933.561c 36 inside 192.168.1.14 000c.2ee0.2b81 97
Additionally, the arp -a > arp_table.txt command on a Windows computer will output the arp file to a text file.
Interface: 192.168.86.29 --- 0x6 Internet Address Physical Address Type 192.168.86.1 88-3d-24-76-49-f2 dynamic 192.168.86.25 50-dc-e7-4b-13-40 dynamic 192.168.86.31 1c-fe-2b-30-78-e5 dynamic 192.168.86.33 8c-04-ba-8c-dc-4d dynamic
Netstat for process list
The output of the Netstat command on Windows and Linux can be saved to a text file and then imported into a workspace. Service information will be extracted from the Netstat output file and added to the host attribute. The flags to use for the Netstat command are:
- On Windows:
netstat -abon - On Linux:
netstat -atunp
Netstat for routes / route table dump
The command netstat -rn can provide a list of routes that can be parsed by NP-View and NP-Live. The output of the command show route on Cisco devices can also be parsed. It is important to name the files that include the output of those commands after the hostname of the device where the command was issued (for example: {hostname}.txt). This will enable NP-View and NP-Live to associate the route information with the proper device.
Network and vulnerability scanners: Nmap / Rapid 7 Nexpose / Tenable Nessus
The output from network and vulnerability scanners can be imported into a workspace to add new hosts and port information to the topology map and host attributes. The supported scanners are: Nmap (nmap -oX), Nexpose, and Nessus. One should save their report using the XML format to properly import into NP-View or NP-Live.
Network tracing
Network tracing logs (PCAP) are useful to troubleshoot issues related to network connectivity. These logs can be obtained from Wireshark software. Tcpdump utility can be used to collect logs from Linux. These files can be imported into a workspace and displayed on a per device basis.
