List: ntop
Subject: Re: [Ntop] Successive IP addresses
From: Mathieu Fourcroy <mathieu.fourcroy () gmail ! com>
Date: 2016-05-19 15:58:24
Message-ID: CALxKHMS7vyzP1qF_zPoK3P1uMeqWMZeGK8j1uPjRysTqxKmtEA () mail ! gmail ! com
My redis instance does not contain any interface name for an entry like
192.168.30.192.10.json, which looks like:
{
  "mac_address": "8C:3A:E3:3F:EC:6A",
  "asn": 0,
  "vlan_id": 10,
  "ip": {
    "ipVersion": 4,
    "localHost": false,
    "ip": "192.168.30.192"
  },
  "localHost": true,
  "systemHost": false,
  "tcp_sent": {
    "packets": 6,
    "bytes": 509
  },
  "tcp_rcvd": {
    "packets": 0,
    "bytes": 0
  },
  "udp_sent": {
    "packets": 0,
    "bytes": 0
  },
  "udp_rcvd": {
    "packets": 0,
    "bytes": 0
  },
  "icmp_sent": {
    "packets": 0,
    "bytes": 0
  },
  "icmp_rcvd": {
    "packets": 0,
    "bytes": 0
  },
  "other_ip_sent": {
    "packets": 0,
    "bytes": 0
  },
  "other_ip_rcvd": {
    "packets": 0,
    "bytes": 0
  },
  "pktStats.sent": {
    "upTo128": 6
  },
  "pktStats.recv": {},
  "throughput_bps": 0,
  "throughput_trend_bps": "Unknown",
  "throughput_pps": 0,
  "throughput_trend_pps": "Unknown",
  "flows.as_client": 1,
  "flows.as_server": 0,
  "num_alerts": 0,
  "sent": {
    "packets": 6,
    "bytes": 509
  },
  "rcvd": {
    "packets": 0,
    "bytes": 0
  },
  "ndpiStats": {
    "Unknown": {
      "bytes": {
        "sent": 509,
        "rcvd": 0
      },
      "packets": {
        "sent": 6,
        "rcvd": 0
      }
    }
  },
  "dns": {
    "sent": {
      "stats": {}
    },
    "rcvd": {
      "stats": {}
    }
  },
  "http": {
    "sender": {
      "query": {},
      "response": {},
      "query_rate": {},
      "response_rate": {}
    },
    "receiver": {
      "query": {},
      "response": {},
      "query_rate": {},
      "response_rate": {}
    }
  }
}

Well actually what I am doing is loading the hosts from redis in
Ntop::start().

For each interface I check x.x.x.x.x.json entries in redis and load them
using the "mac_address", "ip"."ip" and "vlan_id".
Once I fetch these values from redis I do something like:

    Host *h = new Host(iface[i], mac, (u_int16_t)vlan, ip);
    h->deserialize(json, redis_key);

And the host is loaded in the interface iface[i]. What I want to know is:
is there a better way to do it ?
I can send the full code if needed. I have developed some new features for
ntopng and I think I will send a push request some day.

Thank you,

Mathieu

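
An added example, not part of the original message and not ntopng code: an offline check that validates persisted host entries before they are trusted, then lists the IP addresses seen per MAC. It assumes the key layout `<ip>.<vlan_id>.json` shown in the message; the sample entries are constructed, and the function names are hypothetical.

```python
import ipaddress
import json
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
MAX_VLAN = 4095  # 802.1Q VLAN IDs are 12 bits wide


def parse_host_key(key):
    """Split '<ip>.<vlan_id>.json' into (ip_address, vlan); ValueError if malformed."""
    if not key.endswith(".json"):
        raise ValueError("key lacks .json suffix")
    ip_part, sep, vlan_part = key[:-len(".json")].rpartition(".")
    if not sep or not (vlan_part.isascii() and vlan_part.isdigit()):
        raise ValueError("key lacks numeric VLAN component")
    vlan = int(vlan_part)
    if vlan > MAX_VLAN:
        raise ValueError("VLAN in key out of range")
    return ipaddress.ip_address(ip_part), vlan  # ip_address() raises ValueError


def validate_entry(key, raw):
    """Return (mac, ip, vlan) only if the JSON body is well-formed and agrees with its key."""
    key_ip, key_vlan = parse_host_key(key)
    body = json.loads(raw)  # JSONDecodeError is a ValueError subclass
    if not isinstance(body, dict):
        raise ValueError("body is not a JSON object")
    mac = body.get("mac_address")
    if not isinstance(mac, str) or not MAC_RE.fullmatch(mac):
        raise ValueError("bad mac_address")
    ip_obj = body.get("ip")
    ip_str = ip_obj.get("ip") if isinstance(ip_obj, dict) else None
    if not isinstance(ip_str, str):
        raise ValueError("missing ip.ip")
    body_ip = ipaddress.ip_address(ip_str)
    vlan = body.get("vlan_id")
    if type(vlan) is not int or not 0 <= vlan <= MAX_VLAN:
        raise ValueError("bad vlan_id")
    # A body that disagrees with its key means the store was edited or corrupted.
    if body_ip != key_ip or vlan != key_vlan:
        raise ValueError("body does not match key")
    return mac.upper(), body_ip, vlan


def ips_by_mac(entries):
    """Group validated entries by MAC; return (hosts, rejected)."""
    seen = defaultdict(set)
    rejected = {}
    for key, raw in entries.items():
        try:
            mac, ip, vlan = validate_entry(key, raw)
        except ValueError as exc:
            rejected[key] = str(exc)
            continue
        seen[mac].add((vlan, ip.version, int(ip), str(ip)))
    hosts = {mac: [(v, s) for v, _, _, s in sorted(vals)]
             for mac, vals in seen.items()}
    return hosts, rejected


def _entry(mac, ip, vlan):
    """Build a minimal constructed host body with the three fields used for loading."""
    return json.dumps({"mac_address": mac, "vlan_id": vlan,
                       "ip": {"ipVersion": 4, "ip": ip}})


# Constructed sample data: the first key and MAC come from the message above,
# the remaining entries are invented to exercise the rejection paths.
SAMPLE_ENTRIES = {
    "192.168.30.192.10.json": _entry("8C:3A:E3:3F:EC:6A", "192.168.30.192", 10),
    "192.168.30.77.10.json": _entry("8c:3a:e3:3f:ec:6a", "192.168.30.77", 10),
    "192.168.30.5.10.json": _entry("8C:3A:E3:3F:EC:6A", "192.168.30.6", 10),
    "192.168.30.9.9999.json": _entry("8C:3A:E3:3F:EC:6A", "192.168.30.9", 9999),
    "10.0.0.1.0.json": _entry("not-a-mac", "10.0.0.1", 0),
}

if __name__ == "__main__":
    hosts, rejected = ips_by_mac(SAMPLE_ENTRIES)
    for mac, addrs in hosts.items():
        print(mac, addrs)
    for key, reason in rejected.items():
        print("rejected", key, "-", reason)
```
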
2016-05-19 17:35 GMT+02:00 Simone Mainardi <mainardi@ntop.org>:
> Mathieu,
>
> see below,
>
> On Thu, May 19, 2016 at 4:52 PM, Mathieu Fourcroy <
> mathieu.fourcroy@gmail.com> wrote:
>
>> Hi,
>>
>> Thank you. The (de)serialize functions can push a host to redis or fetch
>> it. It's a good idea to use it.
>> I want to load every host stored in redis when ntopng starts. How would I
>> do it ? How can I manually add a host to a network interface ?
>>
>
> ntopng auto-loads serialized hosts automatically. Hosts are added to
> network interfaces as soon as their traffic is seen. You can't add a host
> manually. You should declare its network as local.
>
>
>> Moreover, the interface name or ID is not stored in the host in redis,
>> right ? So It is impossible to load a given host from the interface it has
>> been seen before.
>>
>
> yes, the name is stored in redis.
>
> I think you should go through the ntopng manual:
> https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf
>
>
>>
>> Thank you in advance,
>>
>> Mathieu
>>
>> 2016-03-23 14:34 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>
>>> Mathieu,
>>>
>>> I think that for your purposes you should look and edit the Host
>>> functions:
>>>
>>> - serialize :
>>> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862
>>> - deserialize :
>>> https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953
>>>
>>> They handle how host data is written to and read from redis.
>>>
>>>
>>> Simone
>>>
>>> On Wed, Mar 23, 2016 at 10:29 AM, Mathieu Fourcroy <
>>> mathieu.fourcroy@gmail.com> wrote:
>>>
>>>> Thank you for your answer Simone.
>>>> When I start ntopng it does not automatically load previous hosts if
>>>> these hosts are idle (do not send or receive packets). It does load some
>>>> statistics when the host starts being active but the "first seen" value is
>>>> reset.
>>>> Is there a way to load every local host even if they are not living on
>>>> the network anymore and load the "first_seen" value also?
>>>>
>>>> Thank you very much for your answers I really appreciate it.
>>>> Mathieu
>>>>
>>>> 2016-03-23 10:23 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>>>
>>>>> Mathieu, redis host persistency is enabled by default for local and
>>>>> system hosts. They are dumped on exit and loaded back on startup.
>>>>>
>>>>> Simone
>>>>>
>>>>> On Wed, Mar 23, 2016 at 10:10 AM, Mathieu Fourcroy <
>>>>> mathieu.fourcroy@gmail.com> wrote:
>>>>>
>>>>>> Hello,
>>>>>> Can you tell me if there is a way to save host information (via redis
>>>>>> or mysql) and load it automatically when starting ntopng ?
>>>>>>
>>>>>> Best regards,
>>>>>> Mathieu
>>>>>>
>>>>>> 2016-03-22 9:59 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>>>>>
>>>>>>> Mathieu,
>>>>>>>
>>>>>>> Please, feel free to contribute the additional page on github, we
>>>>>>> would like to consider integrating it in our code.
>>>>>>>
>>>>>>> To answer your question, the present data structure only allows to
>>>>>>> keep first and last seen overall.
>>>>>>>
>>>>>>> Simone
>>>>>>>
>>>>>>> On Mon, Mar 21, 2016 at 10:00 PM, Mathieu Fourcroy <
>>>>>>> mathieu.fourcroy@gmail.com> wrote:
>>>>>>>
>>>>>>>> The first method works very well. I am trying to add a page to the
>>>>>>>> host_details.lua which would display an activity map or a timeline showing
>>>>>>>> the periods where the host was using an IP address. It would look something
>>>>>>>> like:
>>>>>>>>
>>>>>>>> IP1 |xxxxxxxxxx xxxxxxxxx |
>>>>>>>> IP2 | xxxxxx |
>>>>>>>> IP3 | xx|
>>>>>>>>
>>>>>>>> It's easy to get the first seen and last seen time for a given host
>>>>>>>> (IP address) but do you know a way to get periods of time?
>>>>>>>> Like if the (sticky) host is active from 5am to 10am, then idle
>>>>>>>> until 1pm and active again until now: do you know a way to get something
>>>>>>>> like:
>>>>>>>> [{"start": 5am, "end": 10am}, {"start": 10am, "end": 1pm},
>>>>>>>> {"start": 1pm, "end": null}]
>>>>>>>>
>>>>>>>> I don't know if it is possible with the actual host data structure
>>>>>>>> but please let me know if it is possible.
>>>>>>>>
>>>>>>>> Thanks in advance,
>>>>>>>> Mathieu
>>>>>>>>
>>>>>>>>
>>>>>>>> 2016-03-16 18:05 GMT+01:00 Simone Mainardi <mainardi@ntop.org>:
>>>>>>>>
>>>>>>>>> Mathieu, there are at least two ways you can accomplish this:
>>>>>>>>>
>>>>>>>>> 1. make local hosts sticky and then navigate to
>>>>>>>>> page hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is the
>>>>>>>>> MAC address of interest. Since local hosts will not be purged, you will
>>>>>>>>> find here the whole list of IP addresses seen with the given MAC
>>>>>>>>> 2. export flows to Elastic Search, there will be two fields named
>>>>>>>>> IN_SRC_MAC and OUT_DST_MAC that you can search against a MAC of interest to
>>>>>>>>> see the list of IP addresses that have used it.
>>>>>>>>>
>>>>>>>>> Simone
>>>>>>>>>
>>>>>>>>> On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy <
>>>>>>>>> mathieu.fourcroy@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> I'm new to ntopng and I wonder if it is possible for a given
>>>>>>>>>> local host (MAC address) to obtain or display a list of its successive IP
>>>>>>>>>> addresses on the network.
>>>>>>>>>> If a network card is using a first IP address on the network then
>>>>>>>>>> it stops using this one and uses a second, different, IP address on the
>>>>>>>>>> network. Will ntopng distinguish two hosts with same MAC and different IP or
>>>>>>>>>> will it just overwrite the first IP address for the single host ?
>>>>>>>>>>
>>>>>>>>>> Thanks in advance,
>>>>>>>>>> Mathieu
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Ntop mailing list
>>>>>>>>>> Ntop@listgateway.unipi.it
>>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop
[Attachment #5 (text/html)]
<div dir="ltr"><div><div><div><div><div><div><div>My redis instance do not contains \
any interface name for an entry like 192.168.30.192.10.json which looks like:<br><br>
<p style="margin:0px;text-indent:0px"><span \
style="font-family:monospace,monospace">{</span></p><span \
style="font-family:monospace,monospace"> </span><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"mac_address": "8C:3A:E3:3F:EC:6A",</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"asn": 0,</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "vlan_id": 10,</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"ip": {</span></p><div style="margin-left:40px"> </div><p style="margin:0px \
0px 0px 80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"ipVersion": 4,</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "localHost": \
false,</span></p><div style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"ip": "192.168.30.192"</span></p><div style="margin-left:40px"> \
</div><p style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"localHost": true,</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "systemHost": \
false,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"tcp_sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
6,</span></p><div style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 509</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"tcp_rcvd": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"udp_sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"udp_rcvd": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"icmp_sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"icmp_rcvd": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"other_ip_sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"other_ip_rcvd": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"pktStats.sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "upTo128": 6</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
},</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"pktStats.recv": {},</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "throughput_bps": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"throughput_trend_bps": "Unknown",</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"throughput_pps": 0,</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "throughput_trend_pps": \
"Unknown",</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "flows.as_client": \
1,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"flows.as_server": 0,</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "num_alerts": 0,</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"sent": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
6,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 509</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"rcvd": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "packets": \
0,</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": 0</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"ndpiStats": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "Unknown": {</span></p><div \
style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"bytes": {</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 160px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "sent": \
509,</span></p><div style="margin-left:160px"> </div><p style="margin:0px 0px 0px \
160px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"rcvd": 0</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"packets": {</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 160px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "sent": \
6,</span></p><div style="margin-left:160px"> </div><p style="margin:0px 0px 0px \
160px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"rcvd": 0</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> }</span></p><div \
style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
}</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
},</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"dns": {</span></p><div style="margin-left:40px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "sent": {</span></p><div \
style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"stats": {}</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"rcvd": {</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "stats": \
{}</span></p><div style="margin-left:80px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
}</span></p><div style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
</div><p style="margin:0px 0px 0px 40px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "http": {</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"sender": {</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "query": \
{},</span></p><div style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"response": {},</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "query_rate": \
{},</span></p><div style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"response_rate": {}</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> },</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
80px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"receiver": {</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "query": \
{},</span></p><div style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"response": {},</span></p><div style="margin-left:120px"> </div><p \
style="margin:0px 0px 0px 120px;text-indent:0px"><span \
style="font-family:monospace,monospace"> "query_rate": \
{},</span></p><div style="margin-left:120px"> </div><p style="margin:0px 0px 0px \
120px;text-indent:0px"><span style="font-family:monospace,monospace"> \
"response_rate": {}</span></p><div style="margin-left:80px"> </div><p \
style="margin:0px 0px 0px 80px;text-indent:0px"><span \
style="font-family:monospace,monospace"> }</span></p><div \
style="margin-left:40px"> </div><p style="margin:0px 0px 0px \
40px;text-indent:0px"><span style="font-family:monospace,monospace"> \
}</span></p><span style="font-family:monospace,monospace"> </span><p \
style="margin:0px;text-indent:0px"><span \
style="font-family:monospace,monospace">}</span></p><br></div>Well actually what I am \
doing is loading the hosts from redis in Ntop::start().<br><br></div>For each \
interface I check x.x.x.x.x.json entries in redis and load them using the \
"mac_address", "ip"."ip" and \
"vlan_id".<br></div>Once I fetch these values from redis I do something \
like:<br><br><div style="margin-left:40px"><span \
style="font-family:monospace,monospace">Host *h= new Host(iface[i], mac, \
(u_int16_t)vlan, ip);<br></span></div><div style="margin-left:40px"><span \
style="font-family:monospace,monospace">h->deserialize(json, \
redis_key);</span><br></div><br></div>And the host is loaded in the interface \
iface[i]. What I want to know is: is there a better way to do it ?<br></div>I can \
send the full code if needed. I have developed some new features for ntopng and I \
think I will send a push request some day.<br><br></div>Thank \
you,<br><br></div>Mathieu<br></div><div class="gmail_extra"><br><div \
class="gmail_quote">2016-05-19 17:35 GMT+02:00 Simone Mainardi <span dir="ltr"><<a \
href="mailto:mainardi@ntop.org" \
target="_blank">mainardi@ntop.org</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div \
dir="ltr">Mathieu,<div><br></div><div>see below,<br><div class="gmail_extra"><br><div \
class="gmail_quote"><span class="">On Thu, May 19, 2016 at 4:52 PM, Mathieu Fourcroy \
<span dir="ltr"><<a href="mailto:mathieu.fourcroy@gmail.com" \
target="_blank">mathieu.fourcroy@gmail.com</a>></span> \
wrote:<br></span><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><div><div><div>Hi,<br><br></div><span class="">Thank you. The \
(de)serialize functions can push a host to redis or fetch it. It's a good idea to \
use it.<br></span></div><span class="">I want to load every host stored in redis when \
ntopng starts. How would I do it ? How can I manually add a host to a network \
interface ?<br></span></div></div></div></div></blockquote><div><br></div><div>ntopng \
auto-load serialized hosts automatically. hosts are added to network interfaces as \
soon as their traffic is seen. You can't add an host manually. You should declare \
its network as local.</div><span class=""><div> </div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><div></div>Moreover, the interface name or ID is not stored in \
the host in redis, right ? So It is impossible to load a given host from the \
interface it has been seen \
before.<br></div></div></div></blockquote><div><br></div></span><div>yes, the name is \
stored in redis.</div><div><br></div><div>I think you should go through the ntopng \
manual: <a href="https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf" \
target="_blank">https://github.com/ntop/ntopng/blob/dev/doc/UserGuide.pdf</a></div><div><div \
class="h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><br></div>Thanks you in \
advance,<br><br></div>Mathieu<br></div><div><div><div class="gmail_extra"><br><div \
class="gmail_quote">2016-03-23 14:34 GMT+01:00 Simone Mainardi <span dir="ltr"><<a \
href="mailto:mainardi@ntop.org" \
target="_blank">mainardi@ntop.org</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Mathieu,<div><br></div><div>I think that for your purposes you should look \
and edit the Host functions:</div><div><br></div><div>- serialize : <a \
href="https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862" \
target="_blank">https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L862</a></div><div>- \
deserialize : <a href="https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953" \
target="_blank">https://github.com/ntop/ntopng/blob/0c0b671e0f218cbee369bd5567f1a50d63e92a3d/src/Host.cpp#L953</a></div><div><br></div><div>They \
handle how host data is written to and read from redis.</div><span><font \
color="#888888"><div><br></div><div><br></div><div>Simone</div></font></span></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 23, 2016 at 10:29 AM, \
Mathieu Fourcroy <span dir="ltr"><<a href="mailto:mathieu.fourcroy@gmail.com" \
target="_blank">mathieu.fourcroy@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><div><div>Thank you for your answer Simone.<br></div>When I start \
ntopng it does not automatically load previous hosts if these hosts are idle (do not \
send or receive packets). It does load some statistics when the host starts begin \
active but the "first seen" value is reseted.<br></div>Is there a way to \
load every local hosts even if they are not living on the network anymore and load \
the "first_seen" value also.<br><br></div>Thank you very much for your \
answers I really appreciate it.<span><font \
color="#888888"><br></font></span></div><span><font \
color="#888888">Mathieu<br></font></span></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">2016-03-23 10:23 GMT+01:00 Simone \
Mainardi <span dir="ltr"><<a href="mailto:mainardi@ntop.org" \
target="_blank">mainardi@ntop.org</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div style="width:1019px;min-height:85px">Mathieu, redis host persistency \
is enabled by default for local and system hosts. They are dumped on exit and loaded \
back on startup. </div><span><font color="#888888"><div \
style="width:1019px;min-height:85px"><br></div><div \
style="width:1019px;min-height:85px">Simone</div></font></span></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 23, 2016 at 10:10 AM, \
Mathieu Fourcroy <span dir="ltr"><<a href="mailto:mathieu.fourcroy@gmail.com" \
target="_blank">mathieu.fourcroy@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><div>Hello,<br></div>Can you tell me if there is a way to save \
host information (via redis or mysql) and load it automatically when starting ntopng \
?<br><br></div>Best regards,<br></div>Mathieu<br></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">2016-03-22 9:59 GMT+01:00 Simone \
Mainardi <span dir="ltr"><<a href="mailto:mainardi@ntop.org" \
target="_blank">mainardi@ntop.org</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Mathieu,<div><br></div><div>Please, feel free to contribute the additional \
page on github, we would like to consider integrating it in our \
code.</div><div><br></div><div>To answer your question, the present data structure \
only allows keeping first and last seen overall.</div><span><font \
color="#888888"><div><br></div><div>Simone</div></font></span></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 21, 2016 at 10:00 PM, \
Mathieu Fourcroy <span dir="ltr"><<a href="mailto:mathieu.fourcroy@gmail.com" \
target="_blank">mathieu.fourcroy@gmail.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><div><div><div><div><div><div><div>The first method works very well. I \
am trying to add a page to the host_details.lua which would display an activity map \
or a timeline showing the periods where the host was using an IP address. It would \
look something like:<br><br></div>IP1 |xxxxxxxxxx xxxxxxxxx \
|<br></div>IP2 | xxxxxx \
|<br></div>IP3 | \
xx|<br><br></div>It's easy to get the first seen and last seen time for a given \
host (IP address) but do you know a way to get periods of time<br>Like if the \
(sticky) host is active from 5am to 10am, then idle until 1pm and active again until \
now: do you know a way to get something like:<br></div>[{"start": 5am, \
"end": 10am}, {"start": 10am, "end": 1pm}, \
{"start": 1pm, "end": null}]<br><br></div>I don't know if it \
is possible with the actual host data structure but please let me know if it is \
possible.<br><br></div>Thanks in \
advance,<br></div>Mathieu<br><div><div><div><div><div><br></div></div></div></div></div></div><div><div><div \
class="gmail_extra"><br><div class="gmail_quote">2016-03-16 18:05 GMT+01:00 Simone \
Mainardi <span dir="ltr"><<a href="mailto:mainardi@ntop.org" \
target="_blank">mainardi@ntop.org</a>></span>:<br><blockquote class="gmail_quote" \
style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div \
dir="ltr">Mathieu, there are at least two ways you can accomplish \
this:<div><br><div>1. make local hosts sticky and then navigate to page \
hosts_stats.lua?mac=DE:AD:BE:EF:BE:EF, where DE:AD:BE:EF:BE:EF is the MAC address \
of interest. Since local hosts will not be purged, you will find here the whole list \
of IP addresses seen with the given MAC</div></div><div>2. export flows to Elastic \
Search, there will be two fields named IN_SRC_MAC and OUT_DST_MAC that you can search \
against a MAC of interest to see the list of IP addresses that have used \
it.</div><div><br></div><div>Simone</div></div><div class="gmail_extra"><br><div \
class="gmail_quote"><div><div>On Wed, Mar 16, 2016 at 4:08 PM, Mathieu Fourcroy <span \
dir="ltr"><<a href="mailto:mathieu.fourcroy@gmail.com" \
target="_blank">mathieu.fourcroy@gmail.com</a>></span> \
wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div><div \
dir="ltr"><div><div><div><div>Hi,<br><br></div>I'm new to ntopng and I wonder if \
it is possible for a given local host (MAC address) to obtain or display a list of \
its successive IP addresses on the network.<br></div>If a network card is using a \
first IP address on the network then it stops using this one and uses a second, \
different, IP address on the network. Will ntopng distinguish two hosts with same MAC \
and different IP or will it just overwrite the first IP address for the single host \
?<br><br></div>Thanks in advance,<br></div>Mathieu<br></div> \
<br></div></div>_______________________________________________<br> Ntop mailing \
list<br> <a href="mailto:Ntop@listgateway.unipi.it" \
target="_blank">Ntop@listgateway.unipi.it</a><br> <a \
href="http://listgateway.unipi.it/mailman/listinfo/ntop" rel="noreferrer" \
target="_blank">http://listgateway.unipi.it/mailman/listinfo/ntop</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div></div>
</blockquote></div><br></div>
_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
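
Added example, not part of the original thread or of ntopng's code: one way to get the successive IP addresses of a MAC and the per-IP activity periods asked about above from exported flow records (the second method in the thread), by merging observations that are closer together than an idle gap. IN_SRC_MAC is the field named in the thread; the src_ip and ts field names, the two-hour gap and the sample records are assumptions constructed for this example.

```python
from collections import defaultdict

IDLE_GAP = 7200  # assumption: more than 2 h of silence ends an activity period

# Constructed records (seconds since midnight). IN_SRC_MAC is the field named in
# the thread; "src_ip" and "ts" are hypothetical field names for this example.
MAC = "DE:AD:BE:EF:BE:EF"
FLOWS = [
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 18000},   # 05:00
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 25200},
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 32400},
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 36000},   # 10:00
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.192", "ts": 39600},  # 11:00
    {"IN_SRC_MAC": MAC.lower(), "src_ip": "192.168.30.192", "ts": 41000},
    {"IN_SRC_MAC": "00:11:22:33:44:55", "src_ip": "192.168.30.10", "ts": 42000},
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 50400},
    {"IN_SRC_MAC": MAC, "src_ip": "192.168.30.10", "ts": 46800},   # 13:00
]


def _timestamps_by_ip(flows, mac):
    """Group observation times by source IP for one MAC (case-insensitive)."""
    seen = defaultdict(list)
    for flow in flows:
        if flow.get("IN_SRC_MAC", "").upper() == mac.upper():
            seen[flow["src_ip"]].append(flow["ts"])
    return seen


def successive_ips(flows, mac):
    """IP addresses used by the MAC, ordered by first observation."""
    seen = _timestamps_by_ip(flows, mac)
    return sorted(seen, key=lambda ip: min(seen[ip]))


def activity_periods(flows, mac, now, idle_gap=IDLE_GAP):
    """Map each IP of the MAC to [{"start": t, "end": t or None}, ...]."""
    result = {}
    for ip, stamps in _timestamps_by_ip(flows, mac).items():
        stamps.sort()
        periods = [{"start": stamps[0], "end": stamps[0]}]
        for t in stamps[1:]:
            if t - periods[-1]["end"] <= idle_gap:
                periods[-1]["end"] = t          # same period continues
            else:
                periods.append({"start": t, "end": t})
        if now - periods[-1]["end"] <= idle_gap:
            periods[-1]["end"] = None           # still active, as in the thread
        result[ip] = periods
    return result
```

Only active periods are returned; the idle stretch between two periods is the gap between one entry's "end" and the next entry's "start".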