Hi!
I'm totally new here. I have a script that I am working on, but so far it is not rock solid in its performance. Perhaps someone can tell me if I am thinking wrong anywhere. The code is below:
#! /bin/bash
clear
cd /home/pi/int_lib || exit 1
# where macadresser resides
echo Running nmap and arp to scan the network...
echo These machines are connected to Yakuza_III:
echo
hit=no_intruder
# set once, before the loop, so a later known host cannot reset an earlier detection
for word in $(nmap -sL 192.168.1.0/24 | grep "(192" | grep -ioE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v -)
# Run nmap to scan for machines in local network
# (tried nmap -sn - which didn't echo all active clients
# - thus switched to -sL filtering out the items listed as no answer)
# -sL still doesn't seem to echo all machines connected
do
    # nmap found a host at $word. Pinging it to plant the mac in arp table
    ping -c 1 "$word" > /dev/null
    mac=$(arp "$word" | grep -ioE '([A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2}')
    if [ -z "$mac" ]
    # mac might be empty since current machine may be down
    then
        echo "$word: This machine seems to be down..."
    else
        # get current machines macaddress
        if grep -q "$mac" macadresser
        # check for previous record of this machine
        then
            echo "$word: $(grep "$mac" macadresser)"
        else
            # machine not found. adding line ...
            # %H keeps the hour zero-padded, so the timestamp has no embedded space
            current_time=$(date +%Y-%m-%d%Hh%Mm%Ss)
            echo "... $mac at $word is new for us..."
            nl=$(echo "$mac" $(echo $(arp "$word") | cut -d " " -f 7) at "$current_time")
            echo "Adding $nl to macadresser. Use maced to edit if desired..."
            # maced is a script calling emacs on macadresser
            echo "$nl" >> macadresser
            # make a new record last in macadresser
            hit=intruder_detected
            # and signal to exit that something has occurred
        fi
    fi
done
#exit:
current_time=$(date +%Y-%m-%d%Hh%Mm%Ss)
if [ "$hit" = no_intruder ]
# script found no intruders
then
    echo "$current_time: Nothing to report..." >> intr_log.txt
    # add a line to the log
else
    echo "$current_time: One or more intruders reported! See macadresser" >> intr_log.txt
    # add a line to the log
    echo "We had an intruder! Read int_lib/macadresser" >> intr_log.txt
fi
This script doesn't report all machines in the network all the time, it omits machines... so far I have noticed that nmap -sL is clicking from time to time...
Thankful for any help. Bye for now.
--- Post updated at 06:25 PM ---
Hi again. Here are some runs of nmap:
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for Eriks-fonan.lan (192.168.1.105)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for Sino-Logic-IV.lan (192.168.1.150)
Nmap scan report for nas-84-CC-E3.lan (192.168.1.152)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for Eriks-fonan.lan (192.168.1.105)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for Google-Home-Mini.lan (192.168.1.157)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
pi@Ono-Sendai_II:~$ nmap -sL 192.168.1.0/24 | grep "(192"
Nmap scan report for api.premiumzone.com (192.168.1.1)
Nmap scan report for SonosZP.lan (192.168.1.72)
Nmap scan report for nas-79-71-C5.lan (192.168.1.151)
Nmap scan report for Google-Home-Mini.lan (192.168.1.157)
Nmap scan report for Apple-TV.lan (192.168.1.177)
Nmap scan report for AnnaKrinsiPhone.lan (192.168.1.186)
Nmap scan report for SonosZB.lan (192.168.1.193)
Nmap scan report for Hosaka-III.lan (192.168.1.197)
Nmap scan report for Samsung-TV.lan (192.168.1.224)
Nmap scan report for Skrivare.lan (192.168.1.242)
My two NAS-items seem to alternate between runs... I don't know if there is some latency issue at work here... ? The nmap runs are performed with a one-second interval.
greets.
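
Added example, not part of the original post: one way to quantify the run-to-run differences shown above is to merge several runs and count how often each address appears, so a host missing from a single run is not mistaken for absent. The function names, host names and sample runs are hypothetical and constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Host names and runs are constructed.
# nmap -sL sends no probes; it lists addresses with their reverse-DNS names, and
# the post's grep "(192" keeps only addresses whose lookup returned a name.

# extract_ips: print the IPs in "Nmap scan report for NAME (IP)" lines on stdin.
extract_ips() {
    grep -oE '\(([0-9]{1,3}\.){3}[0-9]{1,3}\)' | tr -d '()' | sort -u
}

# presence_table FILE...: "IP seen/total" for every IP seen in any run.
presence_table() {
    for run_file in "$@"; do
        extract_ips < "$run_file"
    done | sort | uniq -c |
        awk -v total="$#" '{ print $2, $1 "/" total }' |
        sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
}

# intermittent_hosts FILE...: IPs missing from at least one run.
intermittent_hosts() {
    presence_table "$@" |
        awk '{ split($2, n, "/"); if (n[1] + 0 < n[2] + 0) print $1 }'
}

# write_sample_runs DIR: three constructed runs in the format shown above.
write_sample_runs() {
    cat > "$1/run1.txt" <<'EOF'
Nmap scan report for router.lan (192.168.1.1)
Nmap scan report for nas-a.lan (192.168.1.151)
Nmap scan report for tv.lan (192.168.1.224)
EOF
    cat > "$1/run2.txt" <<'EOF'
Nmap scan report for router.lan (192.168.1.1)
Nmap scan report for nas-b.lan (192.168.1.152)
Nmap scan report for tv.lan (192.168.1.224)
EOF
    cat > "$1/run3.txt" <<'EOF'
Nmap scan report for router.lan (192.168.1.1)
Nmap scan report for speaker.lan (192.168.1.72)
Nmap scan report for nas-a.lan (192.168.1.151)
Nmap scan report for tv.lan (192.168.1.224)
EOF
}

sample_dir=$(mktemp -d)
write_sample_runs "$sample_dir"
presence_table "$sample_dir"/run*.txt
rm -rf "$sample_dir"
```

Feeding the union of several runs into the MAC lookup, rather than a single run, keeps an intermittently listed host from being skipped.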