heavy_fries Posted December 31, 2011 Share Posted December 31, 2011 Hi, I'm searching for a windows or linux program that I can run while I'm connected to a network (wired or wireless, doesn't matter) that will automatically notify me (for example, play a sound) when a computer or ipad or other device is powered on and connects to the network. I hate having to connect to a network and then wait...... and wait...... and wait...... for someone to turn on a computer or ipad and then connect to the network. I also hate having to click a refresh button or repeating the same commands over and over. There has to be a better way. I have an ip address on the network and I know the ip range. I need something that will continuously monitor the network and notify me when any other device with another ip address is also connected to the same network. It's hard to test out "pen testing" software when there are no other computers on the network. Any suggestions? Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted December 31, 2011 Share Posted December 31, 2011 (edited) You could use Nmap to do a scan throughout the network, to determine if there are any hosts alive prior to pen-testing. Or if you are on wireless network you could set your wireless card to monitor mode and use airmon-ng to monitor the traffic, any client that connects to your AP will be displayed on your screen. On a wired network, you would set your wired card to promiscuous mode and use Wireshark to capture the LAN traffic. And if anyone connects to the network, you will be to see their IP addresses. Edited January 2, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
digip Posted January 1, 2012 Share Posted January 1, 2012 If your network equipment handles SNMP, you could probably setup a trap that does an alert when an event happens, but I think an arp sweep or even nmap scan would be easy enough to automate with some scripting. Just set everything to run on a schedule and dump the output to a file, then have another script parse it out for addresses and compare to a previous scan. If number of addresses increases, send of an alert, email, or play a sound file. All the scripting of course would be on your end to figure out, but I'm sure it could be done. Quote Link to comment Share on other sites More sharing options...
zyrax Posted January 1, 2012 Share Posted January 1, 2012 I made a little script that uses fing to detect new devices on my network. It compares them with a predefined list of mac-adresses and gives an alert any time a new device is discovered. Then it sends out a push-message to my iPhone via Prowl. Works like a charm. /F Quote Link to comment Share on other sites More sharing options...
zyrax Posted January 1, 2012 Share Posted January 1, 2012 (edited) Its not much of a script but here it goes... Main script: #!/bin/bash net=192.168.1.0/24 known=knownmac.txt IFS=" " for l in `fing -n $net -r 1 -o table,csv --silent` do IFS=";" array=($l) cat knownmac.txt|grep ${array[5]} if [ `cat $known|grep ${array[5]}|wc -l` -eq "0" ] then echo "${array[5]} is not known!" ./prowl.sh 0 "Mac Alert!" "New Mac ${array[5]}" > /dev/null fi IFS=" " done Not a finished script but it works. You have to have fing installed (http://www.over-look.com/site/index.php/download) and modify the paths so they are correct for you. Also get the PROWL-app for your phone and get an apikey from prowlapp.com. the textfile knownmac.txt is just a plain textfile with all my devices known mac-adresses in. One per line. AA:BB:CC:DD:EE:FF My first device AB:BC:CD:DE:EF:FA My second device and so on... Prowl.sh script #! /bin/sh # Script by FLX: http://flx.me # Requirements: curl # Usage: ./prowl.sh priority(-2 to 2) appname description # Example: ./prowl.sh 0 "linux" "this is a test" app="Prowl 4 Linux" priority=$1 eventname=$2 description=$3 apikey=prowlapikeyhere if [ $# -ne 3 ]; then echo "Prowl 4 Linux" echo "Usage: ./prowl.sh priority(-2 to 2) appname description" echo 'Example: ./prowl.sh 0 "linux" "this is a test"' else curl https://prowl.weks.net/publicapi/add -F apikey=$apikey -F priority=$priority -F application="$app" -F event="$eventname" -F description="$description" Edited January 1, 2012 by zyrax Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted January 2, 2012 Share Posted January 2, 2012 I'm wondering if there is a way to do this from the routers firmware. All of these methods are good and would work well but you need to have a active machine on the network running continuous scans to get real time updates. However if you could somehow implement it into some open source firmware on a router then you get round the clock notifications without the use of another machine besides the router. In theory you could write a script like the one from Zyrax and use it to monitor the DHCP server IP address pool and everytime a new device joins the network, the script would send out a notification containing information such as, IP address, MAC address and so forth. Quote Link to comment Share on other sites More sharing options...
n1tr0g3n Posted January 18, 2012 Share Posted January 18, 2012 For windows try this tool out from Nirsoft.net http://www.nirsoft.net/utils/wireless_network_watcher.html and for linux Autoscan has an option called "Intrusion Alert" that alarms you of any new devices that add them selves to your network. It's on the top of the menu in the GUI with a computer Icon and a cable coming out of it.. hope this helps you out : ) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.