22. 12. 2021 Mirko Morandini Asset Management, Unified Monitoring

IPTool: The Fastest Way to Answer Any Question about IPs and Hostnames in Your Network!

Or: a Tool for Collecting, Browsing and Analyzing IP and Hostname Data Available Across Your Organization

Take any reasonably large, organically grown company network, and you’ll find an interplay of heterogeneous servers, network devices, computers, printers, virtual machines, embedded devices and more.

Do you have documentation on all the assets in the network, both the physical and virtual devices? And do you try to keep it up to date?

If you are doing all this, you’re possibly using an asset database, maybe fed by a discovery service or with agents installed on each host. You have all (or most) Windows machines managed in SCCM or another endpoint management application, the virtual machines in vCenter, and the network devices have been discovered.

The printers are perhaps inventoried manually and their management outsourced. And what about all those connected devices in the production area, were they set up without asking the IT department? Wait a moment… shouldn’t they be in the asset database? And a lot more questions will come up: is that IP already in use? Were all the printers found by the discovery service? What’s the name of the virtual machine behind that DNS hostname or IP? Which computers are missing in SCCM? Is the data in sync with your IPAM?

Try to answer all these questions without losing a lot of time having to look in different tools!

IPTool

IPTool was developed by WürthPhoenix in collaboration with a customer, to achieve a centralized overview of all the inventories and data sources for IP addresses and hostnames in a network. In a single location you can search for hostnames and IP addresses and find all the information available from your network management tools, together with a direct link to it, when available.

The tool collects data from all the other tools in your organization that hold information on IP addresses and/or hostnames, such as asset databases, management and monitoring suites, IP address management (IPAM) tools, DNS, DHCP, Active Directory and the like, using techniques that range from direct database access to parsing CSV files to REST calls.

The IPTool consists of three parts:

  • Data collection with different modules and techniques, to be adapted to individual environments
  • A unified representation of the data gathered, focusing on IPs and hostnames
  • Cross-source analyses with export functionality

Technically, the tool is a plugin of the well-known OSS asset management software GLPI (https://glpi-project.org), from which it inherits powerful searching, referencing and exporting functionalities. However, the data managed in the tool is independent of GLPI asset management, in the sense that GLPI is just one of the included data sources.

It’s important to know what the tool is not intended to do:

  • To be a collector of the complete data and data structures of the source tools
    • Conversely, it saves some of the data that is useful for searching and comparison, and provides (if available) a key or a direct link to the entry in the source tool
  • To be a master data source
    • Rather, data is auto-generated by the import modules and is read-only, as editing functionalities would be pointless, since every change would be overwritten when a module re-imports its data
  • A network discovery tool
    • What it really does is gather data from other network discovery tools
  • A real-time monitoring tool
    • In fact, the data structure was built for asynchronous hourly or daily updates
  • An asset management tool that replaces GLPI for network assets
    • Conversely, it adds information and direct links to GLPI assets.

Data Collection

Currently, the following data collection modules are completed or will be implemented soon.

  • GLPI: Importing GLPI asset data to the mipTool DB and creating a link to the assets
  • NetEye 3: Importing prepared CSV files from Nagios-based monitoring tools
  • DNS: Parsing exported zone transfer files (heavy alternative: massive dig lookup requests)
  • DHCP: Parsing the files exported from netstat
  • vSphere: Parsing the “network” file exported by RVTools, to get the VM name and the IP
  • Active Directory: Parsing properties and groups through LDAP requests
  • phpIPAM: Directly through its REST API
  • Printer management via a proprietary tool: Directly through its REST API
  • NetEye 4 and Icinga: Directly through their REST APIs
  • NeDi Network Discovery: Via database queries

Please note that while some modules need direct access to the respective application, for others a scheduled data export to a shared directory needs to be prepared and maintained.

Further import modules could be implemented as needed, e.g., from:

  • Proprietary asset management tools:  Through REST or scheduled CSV exports
  • Vulnerability and network scanners such as Nessus
  • Antivirus servers, to see which endpoints are (not) covered
  • Wiki or document management software, to give links to documentation that refers to specific hostnames
  • System management tools such as Foreman

Data Representation

All the gathered data is represented in a unified structure. An “entry” defines a single dataset from one source tool, which can have zero, one or more IP addresses and hostnames. For example, a DNS entry can have several A and CNAME records registered. Each entry holds some basic information such as a timestamp, MAC address (if available), and a direct link to the entry page in the source tool.

The entry itself, the host names and the IP addresses are indexed by GLPI Global Search: just search for a host name in the global search box and, in addition to the GLPI entries, you’ll find all IPTool entries from the various source modules!

Data Analysis

IPTool currently implements several possibilities for the analysis of IP and host name data, and more will be developed in the coming months.

First, for each entry (remember that an entry defines a single dataset in one source module), an IP and host name analysis is available: The IP analysis lists, for each IP address registered in this entry (e.g. an entry in phpMyAdmin), all results in other sources, e.g. GLPI, DNS, and DHCP.

The tools menu entry “mIPTool Analyses” provides various analyses on single import modules and cross-modules. Most analyses have a search functionality. Each result can be exported as a PDF, CSV or SLK file. SLK files can be opened directly in Excel without any conversion issues just as for CSV files.

Duplicate Analysis, per Module

After you select an import module, this page shows all duplicate:

  • Host entries
  • IP address entries
  • MAC entries

This can be a good starting point to find erroneous double entries in the tool, duplicate assignments, old entries etc. Of course, having some duplicate entries is normal, depending on the tool analysed. E.g. phpIPAM and DHCP can have more than one host name per IP address.

Full Analysis of All Host Names and IPs, for Presence in the Various Modules

This page shows a grid with all host names registered in the mIPTool and a column for each import module, to show the presence of a host in a module. Hosts registered with and without domain are grouped visually in colored rows. With the filter textbox you can search for hosts or parts of a hostname. For GLPI entries, you get a direct link to the asset page.

This page gives an important overview on the status of your tools. Of course, the results need to be interpreted: some hosts are virtual machines, some are printer servers etc. and thus not all modules need to always be present for a given entry.

Module Mismatch Analysis

This page contains a Hostname-IP and IP-Hostname mismatch analysis, starting from the selected module, looking for the IPs registered for a host name, or the host names registered for a certain IP. This analysis needs to be interpreted with caution: the results can give interesting insights, but everything depends of course on the starting module.

Hostname-IP mismatch analysis: For each host name, the IPs registered in the selected module are compared to the IPs in the other modules. Additional IP addresses that don’t match those in the module selected from the dropdown list are shown.

IP-Hostname mismatch analysis: For each IP, the host names registered in the selected module are compared to the host names in the other modules. A row is shown for each module with additional, non-matching host names.
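The two mismatch analyses described above, as an added Python example (not IPTool's own code, which is a GLPI plugin). The sample entries, the function names and the rule of comparing host names case-insensitively without the domain are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample entries (module, host names, IPs); an entry may
# carry zero, one or more of each, as in the unified structure above.
ENTRIES = [
    ("DNS",     ["web01.example.local"], ["10.0.0.10"]),
    ("DHCP",    ["WEB01"],               ["10.0.0.10"]),
    ("phpIPAM", ["web01"],               ["10.0.0.11"]),
    ("DNS",     ["prn07.example.local"], ["10.0.2.7"]),
    ("GLPI",    ["prn07"],               ["10.0.2.7", "10.0.2.70"]),
    ("DHCP",    ["kiosk3"],              ["10.0.2.70"]),
    ("GLPI",    ["spare-asset"],         []),
]

def short_name(host):
    # Assumption: compare names case-insensitively and without the domain.
    return host.lower().split(".", 1)[0]

def index_entries(entries):
    """Build host -> module -> IPs and IP -> module -> hosts lookups."""
    host_ips = defaultdict(lambda: defaultdict(set))
    ip_hosts = defaultdict(lambda: defaultdict(set))
    for module, hosts, ips in entries:
        names = {short_name(h) for h in hosts}
        addrs = {str(ip_address(a)) for a in ips}  # rejects malformed IPs
        for name in names:
            host_ips[name][module] |= addrs
        for addr in addrs:
            ip_hosts[addr][module] |= names
    return host_ips, ip_hosts

def mismatches(index, start_module):
    """For every key the start module knows, report per other module the
    values that the start module does not have for that key."""
    report = {}
    for key, per_module in index.items():
        if start_module not in per_module:
            continue
        base = per_module[start_module]
        extra = {m: sorted(vals - base) for m, vals in per_module.items()
                 if m != start_module and vals - base}
        if extra:
            report[key] = extra
    return report

if __name__ == "__main__":
    host_ips, ip_hosts = index_entries(ENTRIES)
    print("Hostname-IP, from DNS:", mismatches(host_ips, "DNS"))
    print("IP-Hostname, from GLPI:", mismatches(ip_hosts, "GLPI"))
```

Starting from GLPI, the address 10.0.2.70 surfaces because DHCP knows it under a different host name, which is the kind of result that depends on the chosen starting module and needs interpretation.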

Conclusion

There’s nothing wrong with having various sources of information in your network, because these tools are highly specialized for particular tasks. However, you need a single place where you can find information about your assets. A manually fed asset management tool or a discovery service can help, but it will never be complete and up to date. The IPTool GLPI plugin gathers information from all applications in your organization that manage IP addresses or host names.

When searching for an IP address or host name (also simply from the GLPI global search box) you’ll get all relevant entries from the different source applications, links to the entry in the source applications, and an analysis of missing, duplicate and mismatched data between the sources.

You’ll love IPTool, for answering any questions about IPs and host names in your network, and for completing missing entries in your network management tools!

Mirko Morandini

Mirko Morandini, PhD, has been part of the EriZone team since 2015. As a consultant, he guided the implementation of EriZone in various projects in the DACH area and in Italy.
