Send netdisco-users mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."
Today's Topics:
1. sql query help sought (Mark Boolootian)
2. Re: sql query help sought (Christian Ramseyer)
--- Begin Message ---
I'm wondering if I might be able to enlist the
assistance of someone to help an sql ignoramus
such as myself to craft a query that would yield
something like:
All IP addresses with a campus routable prefix
that were seen with a last seen time of less than,
say, two hours ago (where campus prefix could
be v4 or v6 - in our case 128.114/16 or 2607:f5f0::/32).
The motivation here revolves around the ability of
security to scan IPv6 systems. You can't scan the
address space looking for systems, and netdisco
seems the ideal place to look for active addresses,
as well as providing an easy way to associate a
given IPv4 and IPv6 address with a specific MAC.
Clue most appreciatively sought.
thanks,
mark
--- End Message ---
--- Begin Message ---
On 12.04.19 21:23, Mark Boolootian via netdisco-users wrote:
> I'm wondering if I might be able to enlist the
> assistance of someone to help an sql ignoramus
> such as myself to craft a query that would yield
> something like:
>
> All IP addresses with a campus routable prefix
> that were seen with a last seen time of less than,
> say, two hours ago (where campus prefix could
> be v4 or v6 - in our case 128.114/16 or 2607:f5f0::/32).
>
> The motivation here revolves around the ability of
> security to scan IPv6 systems. You can't scan the
> address space looking for systems, and netdisco
> seems the ideal place to look for active addresses,
> as well as providing an easy way to associate a
> given IPv4 and IPv6 address with a specific MAC.
To query stuff by prefix that has shown in up in an arp table in the
last two hours, the query would just be:
select ip, dns from node_ip
where time_last >= current_timestamp - interval '2 hours'
and ( ip << '128.114.0.0/16' or ip << '2607:f5f0::/32' );
'<<' is part of the insanely useful ip address operators in Postgres,
and means 'contained in the subnet on the right hand side'.
Is that about what you had in mind?
Cheers
Christian
--- End Message ---
_______________________________________________
Netdisco mailing list - Digest Mode
[email protected]
https://lists.sourceforge.net/lists/listinfo/netdisco-users
