
Mailing List Archive: NTop: Users

Querying ntop data from the command line for mDNS <-> IP Address mappings

 

 



dclark at pobox

Jun 21, 2012, 6:35 AM

Post #1 of 5 (570 views)
Querying ntop data from the command line for mDNS <-> IP Address mappings

Is there a way to query ntop data via a command line user interface
(cli/clui)?

ntop seems to be able to detect which IP addresses correspond to which mdns
(bonjour / avahi) host names, which isn't possible to do without the kind
of long-term passive correlative network monitoring that ntop does (as far
as I can tell, you can't initiate a query against an IP address to find its
mdns host name due to the way the mdns protocol works; Google supports this
assertion).

I'd like to query ntop from the command line with an IP address, and get
back the contents of these columns (for specified network interfaces, in my
case eth2 and eth3):
Summary -> Hosts -> Host
Summary -> Hosts -> Other Name(s)
Summary -> Hosts -> Age/Inactivity

Is this possible without screen scraping the web interface?

I found a post circa 2005 talking about the deprecated intop and ntcsh
interfaces which states "So, basically, there's no interface into ntop
except the data dumps (various formats) and the web." - if this is still
true, is there a way to initiate a data dump from the command line?

Finally, if this isn't possible with ntop, anyone know of a monitor tool
that would work for this use case (passively sniff the network to find
Multicast DNS host name to IP address mappings, and then allow access to
that data from the command line)?


ntop at ale

Jun 21, 2012, 8:54 AM

Post #2 of 5 (529 views)
Re: Querying ntop data from the command line for mDNS <-> IP Address mappings

Have a look at /dump.html. There's some guidance there on using the CLI,
although it's via wget. You could export it in perl format to get a perl
hash, which may contain the data you're after.

I'm using DNS here so can't tell if it would contain the mDNS hostname for a
given IP.

The tool 'mdns-scan' returns a list of responding mDNS hosts, but it's not
passive. 'tcpdump -n -i eth0 port mdns' is passive :-)

alexd


szym_ip at gazeta

Jun 21, 2012, 10:33 AM

Post #3 of 5 (526 views)
Re: Querying ntop data from the command line for mDNS <-> IPAddress mappings

Thanks for your help Alex.
_______________________________________________
Ntop mailing list
Ntop [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop


dclark at pobox

Jun 21, 2012, 7:01 PM

Post #4 of 5 (526 views)
Re: Querying ntop data from the command line for mDNS <-> IP Address mappings

On Thu, Jun 21, 2012 at 11:54 AM, Alex Dekker <ntop [at] ale> wrote:

> Have a look at /dump.html. There's some guidance there on using the CLI,
> although it's via wget. You could export it in perl format to get a perl
> hash, which may contain the data you're after.
>

Sweet! This simple pipeline gets me all the non-numeric host
identification information that is available from ntop:

wget -qO- "http://127.0.0.1:3000/dumpData.html?language=text&view=long" \
| cut -d \| -f 4,9,10

And can easily grep for a specific IP address etc.

(I'm also using nmblookup -A a.b.c.d with a pipeline to get exact info I
want which sometimes gets Windows hostnames ntop doesn't have.)

Thanks a bunch!


szym_ip at gazeta

Jun 22, 2012, 12:40 AM

Post #5 of 5 (535 views)
Re: Querying ntop data from the command line for mDNS <-> IP Address mappings

Daniel, when I run ntop, the program does not see the previously saved files. All statistics are empty.
I do not know how to read the older files stored by ntop.
Is it possible to read the older dump files with ntop? I need to see logs from a specific day from last year.

Regards Piter
