AANTS: Using the IPInvestigator Tool
This document outlines the usage of the AANTS "IP Investigator" tool.
NOTE: As of this writing (2/1/11) the IP Investigator tool only works with IPv4 addresses!
Initial ("Mode Selection") Page
This is the initial (or mode selection) page:
From this initial page you can set two options, the type of data you are interested in and the number of days of history you wish to search in the data base. The first option pull-down looks like this:
The options are as follows:
NOTE: AANTS "Super-Users" will be considered as administering all campus subnets for any of the queries above.
"N Days" text field:
Use this text box to enter the number of days you would like to use in your search. For example entering "14" will return results from the previous 14 days, etc. NOTE: Searches of more than 180 days are not allowed because the search time would be prohibitive and the tool would time-out.
Select Subnet(s) Page
Selecting "Specific Subnet(s)" from the mode selection page will bring up the subnet select dialog:
Select one or more subnets from the list displayed (alt/ctl or shift-click to select multiple entries). Results will be returned only for the subnets you have selected. NOTE: Only subnets you administer will be displayed. AANTS "Super-Users" will see all campus subnets in the selection dialog.
The results of the query you selected in the first steps will be displayed in the results screen, which will look something like this:
You can see that each subnet prefix is displayed separately. The numbers in parentheses indicate how many IP addresses in that prefix are used (numerator) out of the total IP addresses in the subnets selected for that prefix (denominator). Clicking on the prefix link will display the subnets in that prefix:
Again we see the number of used IP addresses (numerator) and the number of total IP addresses in each subnet (denominator). There are also two additional links. Hovering the mouse over the fraction will display more extensive usage information for that subnet:
And hovering the mouse over the "Info" link will display WiscNIC database information for that subnet:
Clicking the mouse on the subnet link itself will display all the IP addresses in that subnet. IP Addresses that have been used in the last N days will be displayed in green. IP addresses that have not been used in the last N days will be displayed in red. Clicking on a green (used) IP address will show the last MAC address associated with that IP address along with the date/time it was seen:
Document written by Charles Thomas