I'm totally new here. I have a script that I am working on, but so far it is not rock solid in its performance. Perhaps someone can tell me if I am thinking wrong anywhere. Below is the code:
Code:
#!/bin/bash
clear
cd /home/pi/int_lib || exit 1
# where macadresser resides
echo Running nmap and arp to scan the network...
echo These machines are connected to Yakuza_III:
echo
hit=no_intruder
# set once before the loop so that a later host cannot reset the flag
for word in $(nmap -sL 192.168.1.0/24 | grep "(192" | grep -ioE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v -)
# Run nmap to scan for machines in local network
# (tried nmap -sn - which didn't echo all active clients
# - thus switched to -sL filtering out the items listed as no answer)
# -sL still doesn't seem to echo all machines connected
do
    # nmap found a host at $word. Pinging it to plant the mac in arp table
    ping -c 1 "$word" > /dev/null
    mac=$(arp "$word" | grep -ioE '([A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2}')
    if [ -z "$mac" ]
    # mac might be empty since current machine may be down
    then
        echo "$word: This machine seems to be down..."
    else
        # get current machine's mac address
        if grep -qF "$mac" macadresser
        # check for previous record of this machine
        then
            echo "$word: $(grep -F "$mac" macadresser)"
        else
            # machine not found. adding line ...
            current_time=$(date +%Y-%m-%d%kh%Mm%Ss)
            echo "... $mac at $word is new for us..."
            nl=$(echo $mac $(echo $(arp "$word") | cut -d " " -f 7) at $current_time)
            echo "Adding $nl to macadresser. Use maced to edit if desired..."
            # maced is a script calling emacs on macadresser
            echo "$nl" >> macadresser
            # make a new record last in macadresser
            hit=intruder_detected
            # and signal to exit that something has occurred
        fi
    fi
done
#exit:
current_time=$(date +%Y-%m-%d%kh%Mm%Ss)
if [ "$hit" = no_intruder ]
# script found no intruders
then
    echo "$current_time: Nothing to report..." >> intr_log.txt
    # add a line to the log
else
    echo "$current_time: One or more intruders reported! See macadresser" >> intr_log.txt
    # add a line to the log
    echo "We had an intruder! Read int_lib/macadresser" >> intr_log.txt
fi
This script doesn't report all machines in the network all the time, it omits machines... so far I have noticed that nmap -sL is clicking from time to time...
Thankful for any help. Bye for now.
--- Post updated at 06:25 PM ---
Hi again. Here are some runs of nmap:
Code:
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for Eriks-fonan.lan (192.168.1.105)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for Sino-Logic-IV.lan (192.168.1.150)
Nmap scan report for nas-84-CC-E3.lan (192.168.1.152)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for Eriks-fonan.lan (192.168.1.105)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for Google-Home-Mini.lan (192.168.1.157)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for Google-Home-Mini.lan (192.168.1.157)
Nmap scan report for Apple-TV.lan (192.168.1.177)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
My two NAS items seem to alternate between runs... I don't know if there is some latency issue at work here...? The nmap runs are performed with a one-second interval.
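An added example, not part of the original post: `nmap -sL` is a list scan that only does reverse DNS lookups and sends nothing to the hosts themselves, so this example instead reads the kernel neighbour table in `ip neigh show` format and reports MAC addresses that are missing from the known-MAC file. The sample table, its addresses and the names `find_new_macs` and `demo` are constructed for illustration.

```bash
#!/bin/bash
# Added example: compare neighbour-table entries against a known-MAC file.
# Input format is that of `ip neigh show`; the sample lines are constructed.

# Print "ip mac" for every resolved neighbour whose MAC is not in file $1.
#   $1    known-MAC file, one record per line, MAC in the first field
#   stdin `ip neigh show` output
find_new_macs() {
    awk -v known="$1" '
        BEGIN {
            # Load known MACs, lower-cased, for exact first-field matching.
            while ((getline line < known) > 0) {
                split(line, f, " ")
                if (f[1] != "") seen[tolower(f[1])] = 1
            }
        }
        {
            mac = ""
            for (i = 1; i < NF; i++) if ($i == "lladdr") mac = tolower($(i + 1))
            # FAILED / INCOMPLETE entries carry no lladdr: no ARP answer.
            if (mac == "" || (mac in seen)) next
            seen[mac] = 1          # report each new MAC only once
            print $1, mac
        }'
}

# Constructed sample: two known hosts, one silent host, one unknown host.
sample_neigh='192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.151 dev eth0 lladdr 00:11:32:79:71:C5 STALE
192.168.1.152 dev eth0 FAILED
192.168.1.200 dev eth0 lladdr de:ad:be:ef:00:01 DELAY'

demo() {
    local known
    known=$(mktemp)
    printf '%s\n' '00:11:22:33:44:55 router at 2020-01-01' \
                  '00:11:32:79:71:c5 nas at 2020-01-01' > "$known"
    printf '%s\n' "$sample_neigh" | find_new_macs "$known"
    rm -f "$known"
}

# Live use, after a ping scan has populated the neighbour table:
#   nmap -sn 192.168.1.0/24 > /dev/null
#   ip neigh show | find_new_macs macadresser
demo
```

Run as root, `nmap -sn` uses ARP requests on the local Ethernet segment, which fills the neighbour table even for hosts that drop ICMP echo.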