AANTS: Using the IPInvestigator Tool

This document outlines the usage of the AANTS "IP Investigator" tool.

The AANTS "IP Investigator" tool allows the user to view which IP addresses in various subnets have been used (or have not been used) in the last N days. If the address has been used, information on which MAC address(es) have been seen on that IP and the date/time they were last seen will also be displayed.

NOTE: As of this writing (2/1/11) the IP Investigator tool only works with IPv4 addresses!


Initial ("Mode Selection") Page

This is the initial (or mode selection) page:

Initial Page, IP Investigator Tool

From this initial page you can set two options, the type of data you are interested in and the number of days of history you wish to search in the data base. The first option pull-down looks like this:

First option pull-down

The options are as follows:

  • "All IP Addresses" - Will show results for all IP addresses (used and unused) in all subnets you administer.
  • "Specific Subnet(s)" - Will bring up a selection page where you can select the subnet(s) for which you wish to see results.
  • "IP Addresses in Use" - Will show only IP addresses in subnets you administer that have been used in the last N days.
  • "Unused IP Addresses" - Will show only IP addresses in subnets you administer that have NOT been used in the last N days.

    NOTE: AANTS "Super-Users" will be considered as administering all campus subnets for any of the queries above.

    "N Days" text field:
    N days text field

    Use this text box to enter the number of days you would like to use in your search. For example entering "14" will return results from the previous 14 days, etc. NOTE: Searches of more than 180 days are not allowed because the search time would be prohibitive and the tool would time-out.


    Select Subnet(s) Page

    Selecting "Specific Subnet(s)" from the mode selection page will bring up the subnet select dialog:

    Subnet select dialog

    Select one or more subnets from the list displayed (alt/ctl or shift-click to select multiple entries). Results will be returned only for the subnets you have selected. NOTE: Only subnets you administer will be displayed. AANTS "Super-Users" will see all campus subnets in the selection dialog.


    Results Page

    The results of the query you selected in the first steps will be displayed in the results screen, which will look something like this:

    Results Screen

    You can see that each subnet prefix is displayed separately. The numbers in parentheses indicate how many IP addresses in that prefix are used (numerator) out of the total IP addresses in the subnets selected for that prefix (denominator). Clicking on the prefix link will display the subnets in that prefix:

    Subnets Displayed

    Again we see the number of used IP addresses (numerator) and the number of total IP addresses in each subnet (denominator). There are also two additional links. Hovering the mouse over the fraction will display more extensive usage information for that subnet:

    Subnet usage info

    And hovering the mouse over the "Info" link will display WiscNIC database information for that subnet:

    Subnet WiscNIC info

    Clicking the mouse on the subnet link itself will display all the IP addresses in that subnet. IP Addresses that have been used in the last N days will be displayed in green. IP addresses that have not been used in the last N days will be displayed in red. Clicking on a green (used) IP address will show the last MAC address associated with that IP address along with the date/time it was seen:

    IP Addresses

    Document written by Charles Thomas




  • Keywords:aants, ip address, ip investigator, tool, tools, subnet, subnets, MAC address, usage   Doc ID:7925
    Owner:Charles T.Group:Network Services
    Created:2008-07-07 19:00 CDTUpdated:2011-01-31 19:00 CDT
    Sites:Network Services, Systems & Network Control Center
    Feedback:  0   0