Device auditing and initial device discovery would be a nice benefit to have. To that end I am providing an nmap based tool to scan a subnet range and provide a report. It has a lot of work to go but for now it is usable. I’m sure it has kinks to work out and more functionality to work in. Give it a try and give us some feedback!
Some future plans for it:
Usage:
nmap_ona_audit.php -s <IPRANGE> | -f <FILENAME>
Required:
-s <ip range> Perform a scan on the specified network
or
-f <FILENAME> Process an existing nmap XML output file
Optional:
-c Output commands to load into database
Read the nmap man page for variations of [ip range]. Here are some examples:
198.116.0-255.1-127
10.1.3.0/24
NOTE: The build output assumes you already have a valid subnet in
the database for new hosts to associate with.
hornet@server:~$ php nmap_ona_audit.php -s 172.22.22.0-10 Processing an NMAP scan of 11 hosts done on Sat Jul 26 16:15:00 2008. Direct scan using '172.22.22.0-10' IP ENTRIES IN NETWORK BUT NOT IN DATABASE 172.22.22.1 (NOT-IN-DNS) 172.22.22.6 (filesrv) DNS ENTRIES IN PRODUCTION DNS BUT NOT DATABASE (Based on PTR) printer <= 172.22.22.5 filesrv <= 172.22.22.6
Here we can see that:
hornet@server:~$ php nmap_ona_audit.php -s 172.22.22.0-10 -c ECHOING ADD COMMANDS. CAUTION: This assumes all are unique hosts, its not aware of IPs that are combined on a single host or shared with other hosts! dcm.pl -r host_add type="Unknown Unknown (Bulk loaded)" ip=172.22.22.1 host=bulkloaded-172.22.22.1.example.com dcm.pl -r host_add type="Unknown Unknown (Bulk loaded)" ip=172.22.22.6 host=filesrv
Here we have the commands to load the database using the same data as above. Notice that the entry for 172.22.22.5 is not in the list. This is because it was not responding to pings so we cant assume that it really should be in the database, it could just be an old entry in a DNS server not managed by ONA.