User Tools

Site Tools


machinetracker

The Machine tracker

NAV has historic data on the whereabouts of all machines (IPv4/IPv6 adresses / mac adresses) in the network. You can locate a machine down to the switch port the machine is directly attached to. The machine tracker tool allows you to search for the location of a given machine, or a set of machines. An example is given:

The machine tracker

:!: The history of your machine tracker data goes all the way back to when your NAV monitoring started. Run the the command line script navclean.py to delete old machine tracker data.

The machine tracker tool has three tabs:

  1. IP search (both IPv4 and IPv6 supported)
  2. Mac search
  3. Switch search

Enter an IP address (IPv4 or IPv6) or a range of IP addresses and NAV will display the history of the IP address(es) with start and end time and corresponding mac address. Please not that the search results are based on ARP data (IPv4) and neighbor cache (IPv6) from routers. Typically ARP data entries are kept by the routers 4 hours after the last packet seen. Also keep in mind, the ARP collector only runs twice an hour (0,30). Subtracting 4-4.5 hours from the end time gives you a fairly good idea.

For the search you have several options:

  • Extend the search. The default is 7 days back. NAV stores data 30 days back.
  • Also include inactive IP addresses in the search result. This gives a good overview of available IP addresses in the scope.
  • Include DNS names in the result. NAV does a DNS lookup for the IP addresses.

To further track down the machine in interest, click on the mac address, this will result in a mac to switch port search for the given mac address.

:!: Note that the IP search is reachable from the prefix report in the report tool. The prefix report has a column “Active IPs” for the prefix. Click on the shown number to do a driect IP search.

:!: Read more about the IPv6 address mechanisms in NAV.

Enter a mac address. See the help information on the search page for approved syntax. The search result will on top show the MAC address to switch port report, if found. At the bottom the IP to MAC (ARP data) is shown.

Please note that the MAC search results are based on switch bridge tables. Default timeout for bridge table entries may vary, in many cases it is 5 minutes. The bridge table collector runs every 15 minutes (11,26,41,59) which also introduces some inaccuracy. In other words, the results may be 5-20 minutes off.

For the search you may:

  • Extend the search. The default is 7 days back. NAV stores data 30 days back.
  • Include DNS names in the result. NAV does a DNS lookup for the IP address that belongs the MAC address in question.

You may also search for machines (MAC addresses) that are located behind a given interface. Fill in the switch name, or part of it, see search hints. You may also fill inn module and interface, if you don't all interfaces for the switch will be shown. Module is also optional, if you specify interface, module is typically not necessary to specify.

To see IP information for the shown mac address, click on the mac address.

:!: Note that the switch port search is available as a link from IP device center, from the interface page.

machinetracker.txt · Last modified: 2010/09/10 12:01 by faltin