3. Additional Data

Created On
Last Updated On
byRobin
You are here:
< All Topics

NP-View and NP-Live can import data from third party systems to enrich the analysis.  The below data files are supported and can manually be imported using drag and drop or if using NP-Connect, files can automatically be imported from a shared network drive.

Hostname

Once network device configuration files have been imported, one can also import a hostname file to add additional hosts to the topology map. The hostname file is a simple text file with two columns: IP address and hostname separate by a tab.  For example:

192.168.0.10    host0
192.168.0.11    host1
192.168.0.100   server0

Show ARP

The output of the show arp command on a router or a switch can be imported into a workspace to create new nodes and associate MAC addresses. The file should include the prompt with the hostname of the device from which the command was executed and the command itself (show arp):

<hostname># show arp
        outside 10.0.0.100 d867.da11.00c1 2
        inside 192.168.1.10 000c.295b.5aa2 21
        inside 192.168.1.12 000c.2933.561c 36
        inside 192.168.1.14 000c.2ee0.2b81 97

Netstat for process list

The output of the Netstat command on Windows and Linux can be saved to a text file and then imported into a workspace. Service information will be extracted from the Netstat output file and added to the host attribute. The flags to use for the Netstat command are:

  • On Windows: netstat -abon
  • On Linux: netstat -atunp

Netstat for routes / route table dump

The command netstat -rn can provide a list of routes that can be parsed by NP-View and NP-Live. The output of the command show route on Cisco devices can also be parsed. It is important to name the files that include the output of those commands after the hostname of the device where the command was issued (for example: {hostname}.txt). This will enable NP-View and NP-Live to associate the route information with the proper device.

Network and vulnerability scanners: Nmap / Nexpose / Nessus / Qualys

The output from network and vulnerability scanners can be imported into a workspace to add new hosts and port information to the topology map and host attributes. The supported scanners are: Nmap (nmap -oX), Nexpose, Nessus, and Qualys. One should save their report using the XML format in order to import them into NP-View or NP-Live.

Network tracing

Network tracing logs (PCAP) are useful to troubleshoot issues related to network connectivity. These logs can be obtained from Wireshark software. Tcpdump utility can be used to collect logs from Linux. These files can be imported into a workspace and displayed on a per device basis.

Table of Contents
  • Product
    • Product Text

      Product Tour

      NP-View is the perfect solution to prepare for an audit: it works offline and runs on any desktop. NP-Live is the solution for businesses that require continuous network compliance monitoring.

    • Product TOI np-view

    • Product TOI np-live

  • Solutions
    • Solutions text

      Solutions

      Learn how Network Perception software can support your compliance and security operations.

    • Solutions TOI NERC-CIP

    • Solutions TOI Security Assessment

  • Resources
    • Resources text

      Resources

      Learn how to use Network Perception software through video tutorials and documentation. Explore the Knowledge Base for technical questions and advanced features.

    • Resource TOI Whitepapers

    • Resource TOI Knowledge Base

    • Resources TOI Tutorial Videos

  • Company
    • Company text

      Company

      Network Perception was founded in 2014 by a team of researchers and security experts. Learn more about our history and positions available.

    • Company TOI About

    • Company TOI Careers

    • Company TOI Contact

  • Customer Portal Login
  • Demo