YMMV

* your mileage may vary

Thursday, 29 May 2014

nmap Script to Check for New Devices Connected to LAN

Steps to check for new "unknown" devices added to the network. I have it running in a crontab every 30 minutes.
Note: nmap must be run as root/sudo to return valid MAC addresses.

  • sudo apt-get update
  • sudo apt-get install nmap
Note the version:
sudo nmap --version
nMap version 6.47 ( http://nmap.org )
Create a file of the valid MAC addresses connected to the LAN, called valid.txt, e.g.

E0:F1:B0:CF:22:CD
80:78:9E:AA:8F:4E
D8:B3:77:1B:A8:54
56:56:81:DC:3E:2F

Run these commands one by one, or put them in a crontab to run every X minutes/hours/etc. as needed:
  • sudo nmap 192.168.1.0/24 -sP > file1.txt
  • grep 'MAC' file1.txt | cut -c14-30 > file2.txt
  • grep -Fxv -f valid.txt file2.txt > file3.txt
  • grep -B2 -f file3.txt file1.txt >> unknown.txt

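///script for crontab///
#!/bin/bash
# device check script
NOW=$(date '+%D %T')
# ping scan of the LAN; must run as root so nmap reports MAC addresses
nmap 192.168.1.0/24 -sP > file1.txt
# the MAC is columns 14-30 of each "MAC Address: ..." line
grep 'MAC' file1.txt | cut -c14-30 > file2.txt
# keep only the MACs that are not listed in valid.txt
grep -Fxv -f valid.txt file2.txt > file3.txt
# timestamp every run, then log each unknown MAC with the two lines
# before it (the host's IP address and its "Host is up" status)
echo "$NOW" >> unknown.txt
grep -B2 -f file3.txt file1.txt >> unknown.txt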

  • crontab -e
*/30 * * * * /root/device-check.sh
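
A single-pass variant of the check above, added here as an example and not part of the original post: it pairs each unknown MAC with the IP nmap reported for it and compares against valid.txt case-insensitively. The function names, the 02:00:00:AA:BB:CC device and the sample scan are constructed for illustration.

```shell
#!/bin/bash
# Added example: list devices whose MAC is not allowlisted (IP, MAC, vendor).
# Usage: unknown_devices SCAN_FILE ALLOWLIST_FILE
unknown_devices() {
    awk '
        # Allowlist file: drop "#" comments and whitespace, compare upper-case.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 != "") allowed[toupper($0)] = 1
            next
        }
        # Scan file: the host line comes before its MAC line, so remember it.
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
        /^MAC Address: / {
            mac = toupper($3)
            if (!(mac in allowed)) {
                vendor = $0; sub(/^[^(]*/, "", vendor)
                print host, mac, vendor
            }
        }
    ' "$2" "$1"
}

# Constructed sample data: two MACs from valid.txt above (one in lower case)
# and a made-up scan in "nmap -sP" output format with one extra device.
sample_allowlist() {
    printf '%s\n' '# known devices' 'E0:F1:B0:CF:22:CD' '80:78:9e:aa:8f:4e  # laptop'
}
sample_scan() {
    cat <<'EOF'
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0010s latency).
MAC Address: E0:F1:B0:CF:22:CD (Unknown)
Nmap scan report for 192.168.1.10
Host is up (0.020s latency).
MAC Address: 80:78:9E:AA:8F:4E (Unknown)
Nmap scan report for 192.168.1.23
Host is up (0.015s latency).
MAC Address: 02:00:00:AA:BB:CC (Unknown)
EOF
}
# Run the check over the sample; prints: 192.168.1.23 02:00:00:AA:BB:CC (Unknown)
demo() (
    dir=$(mktemp -d) || exit 1
    sample_allowlist > "$dir/valid.txt"; sample_scan > "$dir/scan.txt"
    unknown_devices "$dir/scan.txt" "$dir/valid.txt"
    rm -rf "$dir"
)
demo
```

Against a real scan, call `unknown_devices file1.txt valid.txt` after the nmap step.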

