Re: [Ntop] Successive IP addresses

Mon, 21 Mar 2016 14:00:43 -0700 

The first method works very well. I am trying to add a page to the
host_details.lua which would display an activity map or a timeline showing
the periods where the host was using an IP address. It would look something
like:

IP1 |xxxxxxxxxx        xxxxxxxxx   |
IP2 |              xxxxxx                |
IP3 |                                    xx|

It's easy to get the first seen and last seen time for a given host (IP
address) but do you know a way to get periods of time
Like if the (sticky) host is active from 5am to 10am, then idle until 1pm
and active again until now: do you know a way to get something like:
[{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm}, {"start": 1pm,
"end": null}]

I don't know if it is possible with the actual host data structure but
please let me know if it is possible.

Thanks in advance,
Mathieu


2016-03-16 18:05 GMT+01:00 Simone Mainardi <[email protected]>:

> Mathieu, there are at least two ways you can accomplish this:
>
> 1. make local hosts sticky and then navigate to
> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF  is the
> MAC address of interest. Since local hosts will not be purged, you will
> find here the whole list of IP addresses seen with the given MAC
> 2. export flows to Elastic Search, there will be two fields named
> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of interest to
> see the list of IP addresses that have used it.
>
> Simone
>
> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy <
> [email protected]> wrote:
>
>> Hi,
>>
>> I'm new to ntopng and I wonder if it is possible for a given local host
>> (MAC address) to obtain or display a list of its successive IP addresses on
>> the network.
>> If a network card is using a first IP address on the network then it
>> stops using this one and use a second, different, IP address on the
>> network. Will ntopng distinguish two hosts with same MAC and differen IP or
>> will it just overwrite the first IP address for the single host ?
>>
>> Thanks in advance,
>> Mathieu
>>
>> _______________________________________________
>> Ntop mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>>
>
>
> _______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
>

_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop

Reply via email to