Alert when there is a new WiFi device on the LAN network

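I am connected through Ethernet, but almost all other devices use WiFi. Is it possible to get a list of the devices connected to my router in Ubuntu 22.04? It would be great if there were some way to get an alert when a new device connects to the WiFi network.

Edit 1: Interestingly, arp -a gives more details, but no device information. Only some internal IPs and MAC IDs.

Edit 2: I think more details than arp -a can be obtained with the following nmap command, shared by @Raffa:

Edit 3: There is already a tool called Nutty that can do this, but its latest release is from 2019.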

Answer 1

I hope this helps, or is at least educational :-) ... It should be run as a bash script ... It uses notify-send for notifications:

#!/bin/bash

# Start the main loop
while true; do
  # Change "10.0.0.0/24" to your network address and your netmask e.g. "192.168.1.0/24"
  # Use "nmap" to get discoverable devices on the network and parse the output to get only those with resolvable hostnames into an array "a"
  readarray -t a < <(nmap -sn 10.0.0.0/24 | awk '/Nmap scan report for/ && NF == 6 {print $((NF-1)), $NF}')
  # To get even devices with un-resolvable/empty/unset hostnames, comment the above line and uncomment the below line
  # readarray -t a < <(nmap -sn 10.0.0.0/24 | awk '/Nmap scan report for/ {print $5, $6}')
  # Loop over items in array "a"
  for item in "${a[@]}"; do
    # Get device's MAC address from the already updated arp table
    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" | awk '/.*:.*:.*:.*:.*:.*/{printf "%s", $3}')
    # Compare items to array "b" and send notification for recently connected devices.
    [[ ! "${b[*]}" =~ "${item}" ]] && notify-send -i network-wired "Connected device:" "Hostname (IP) MAC:\n ${item} ${mac}"
  done
  # Loop over items in array "b" ... Notice this array is not initially declared for simplicity and shortness.
  for item in "${b[@]}"; do
    # Compare items to array "a" and send notification for recently disconnected devices.
    [[ ! "${a[*]}" =~ "${item}" ]] && notify-send -i network-error "Disconnected device:" "Hostname (IP):\n ${item}"
  done
  # Copy array "a" to array "b"
  b=("${a[@]}")
  # Wait N seconds before continuing the main loop
  sleep 60
done

A terminal display version (with extra features) of the above script would look like this:

#!/bin/bash

# This script depends on these commands/utilities (mktemp, nmap, awk, arp, column, sort, nl and notify-send)

nts="1" # Set this to "1" to enable sending desktop (notify-send) notifications on new or disconnected devices or to "0" to disable it.
network="10.0.0.0/24" # Change "10.0.0.0/24" to your network address and your netmask e.g. "192.168.1.0/24"
si="60" # Scan interval in seconds. Lower is NOT always better (between "30" and "300" is recommended for "/24" subnet). Devices are discovered at this interval and considered disconnected 3X this interval. 
logfile="$HOME/NetworkDevicesMonitor.log" # Path to the log file. It will be created if it doesn't exist.
# Path to Nmap MAC prefixes file on your system (It comes with nmap when installed). This is the default path and should work fine:
pdb="/usr/share/nmap/nmap-mac-prefixes"


### Don't edit below this line unless you know what you're doing ###
# Create a temporary file with "mktemp" and remove it when the script exits
tmpfile=$(mktemp)
trap 'rm -f "$tmpfile"' EXIT
# Start the main loop
while true; do
  # Clear the temporary file
  > "$tmpfile"
  # Use "nmap" to get discoverable devices on the network and parse the output into an array "a"
  readarray -t a < <(nmap -sn "$network" | \
  awk '/Nmap scan report for/ && (NF == 6) {print $5, $6} /Nmap scan report for/ && (NF == 5) {print "Unavailable", "("$5")"}')
  # Loop over items in array "a"
  for item in "${a[@]}"; do
    # Get device's MAC address from the already updated arp table
    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" 2> /dev/null | awk '/.*:.*:.*:.*:.*:.*/{printf "%s", $3}'); [[ -z "$mac" ]] && mac="Unknown"
    # Lookup vendor
    if [[ "$mac" == "Unknown" ]]; then
      vendor="$mac"
    else
      awmac="${mac//:}"
      awmac="${awmac:0:6}"
      vendor=$(awk -v mac="${awmac}" 'BEGIN{IGNORECASE=1} $1 == mac {for(i=2;i<NF;++i) printf "%s_", $i; printf "%s", $NF }' "$pdb")
    fi
    [[ -z "$vendor" ]] && vendor="Unavailable"
    # Compare items to array "b" and write new and connected devices to file (and send notifications if enabled).
    if [[ ! "${b[*]}" =~ "${item}" ]] && [[ ! "${c[*]}" =~ "${item}" ]] && [[ ! "${d[*]}" =~ "${item}" ]]; then
      echo -e "1 \U2191 New ${item} ${mac} ${vendor}" >> "$tmpfile"
      echo -e "[$(date)] \U2191 Connected: ${item} ${mac} ${vendor}" >> "$logfile"
      [[ "$nts" == 1 ]] && notify-send -u critical -i network-wired "New device:" "${item}\n${mac}\n${vendor}\n$(date)"
    else
      echo -e "3 \U2194 Connected ${item} ${mac} ${vendor}" >> "$tmpfile"
    fi
  done
  # Loop over items in array "d" ...
  for item in "${d[@]}"; do
    # Get device's MAC address from the already updated arp table
    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" 2> /dev/null | awk '/.*:.*:.*:.*:.*:.*/{printf "%s", $3}'); [[ -z "$mac" ]] && mac="Unknown"
    # Lookup vendor
    if [[ "$mac" == "Unknown" ]]; then
      vendor="$mac"
    else
      awmac="${mac//:}"
      awmac="${awmac:0:6}"
      vendor=$(awk -v mac="${awmac}" 'BEGIN{IGNORECASE=1} $1 == mac {for(i=2;i<NF;++i) printf "%s_", $i; printf "%s", $NF }' "$pdb")
    fi
    [[ -z "$vendor" ]] && vendor="Unavailable"
    # Compare items to array "a" and write disconnected devices to file (and send notifications if enabled).
    if [[ ! "${a[*]}" =~ "${item}" ]] && [[ ! "${b[*]}" =~ "${item}" ]] && [[ ! "${c[*]}" =~ "${item}" ]]; then
      echo -e "2 \U2193 Disconnected ${item} ${mac} ${vendor}" >> "$tmpfile"
      echo -e "[$(date)] \U2193 Disconnected: ${item} ${mac} ${vendor}" >> "$logfile"
      [[ "$nts" == 1 ]] && notify-send -u critical -i network-error "Disconnected device:" "${item}\n${mac}\n${vendor}\n$(date)"
    fi
  done
  # Copy to redundant arrays "c" and "d" used for more reliable status and notification
  d=("${c[@]}")
  c=("${b[@]}")
  # Copy array "a" to array "b"
  b=("${a[@]}")
  # Clear the terminal
  clear
  # Format and write output
  sort -k1 "$tmpfile" | nl | column -t -N '#,s,*,Status:,Hostname:,(IP):,MAC:,Vendor:' -H 's'
  # Wait N seconds before continuing the main loop
  sleep "$si"
done

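Notice

  • There are alternative scripting approaches, some of which require elevated privileges with sudo; for example, nmap itself will print MAC addresses if it is run as root ... However, I avoided those anyway and used safe workarounds that don't need to run as root ... It is also worth noting that the example application linked in your question, and others, depend on nmap and use it under the hood ... So, when all roads lead to Rome, I usually advocate the shortest, safest and straightest one :-).

  • ARP (Address Resolution Protocol) tables are implemented and available on most network-capable operating systems, including Ubuntu (cat /proc/net/arp will give you an idea), and you can query them easily and quickly ... However, an important thing to know for your use case is that devices newly connected to the network are not necessarily added to these arp tables immediately ... Your host needs to communicate with these devices and exchange arp packets (e.g. by sending them an arp request or an echo request) for its arp table to be updated accordingly ... Useful information here as well.

  • Nowadays, by default, devices change their MAC address to a random one and/or hide their host/device name when connecting to different networks ... It is considered a security/privacy feature and can usually be disabled/enabled under the network connection settings.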

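Answer 2

This question is not directly related to Ubuntu and might be better suited elsewhere. It is quite broad and would get better answers if it were more focused.

If you are running an OpenWrt router, you should be able to write a script to do this. It could run on the router as a cron job that periodically queries the connected WiFi devices: List devices connected to a hotspot via the terminal

Since you didn't mention the router OS, I suspect you are running stock firmware. In that case, you could periodically scrape the router's web interface for the list of connected devices (if this information is available somewhere in the router's web interface). You could use requests or, depending on how the router's webif is designed. This could be rather fragile.

Another approach might be to periodically scan your network with nmap and set up an alert when a new address is detected on the network. This is not limited to WiFi connections; it would also alert when a new wired device is connected.

Each approach has pros and cons. It depends on which router you have. Personally, I would buy an OpenWrt router and write a script to monitor for new WiFi devices.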

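Answer 3

I'm new to Linux, but I have an idea

  1. Install a telnet client
  2. Open a telnet connection to your router
  3. Look up the number of connected wifi devices and save it to a text file
  4. Create a bash script that loops and saves the currently connected wifi devices to another text file
  5. Use the script to compare the two text files and show a popup if there is a difference

Hope this helps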
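
Answer 1's notes on the ARP table and on randomized MAC addresses, together with the compare-and-alert step described in Answers 2 and 3, as an added example (not code from any of the answers): it keys a persistent baseline on the MAC address rather than on hostname/IP and tags locally administered (randomized) MACs. The function names, the baseline file and the sample ARP table are constructed for illustration.

```sh
#!/bin/sh
# Added example: alert once per unknown MAC, using ARP-table text as input.

# Constructed sample in /proc/net/arp format (not a real capture).
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         3c:84:6a:11:22:33     *        eth0
10.0.0.23        0x1         0x2         DA:A1:19:44:55:66     *        eth0
10.0.0.40        0x1         0x0         00:00:00:00:00:00     *        eth0'

# Print "mac ip" for each resolved entry; Flags 0x0 means no ARP reply yet.
arp_entries() {
  awk 'NR > 1 && $3 != "0x0" { print tolower($4), $1 }' | sort -u
}

# True if the locally administered bit (0x02 of the first octet) is set,
# which is how randomized/private Wi-Fi addresses are marked.
is_randomized_mac() {
  case "$1" in
    ?[26aeAE]:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Read ARP text on stdin; print "NEW <mac> <ip> <kind>" for MACs missing from
# the baseline file ($1, hypothetical path), then record them there.
report_new_devices() {
  baseline=$1
  [ -f "$baseline" ] || : > "$baseline"
  arp_entries | while read -r mac ip; do
    if ! grep -qxF -- "$mac" "$baseline"; then
      if is_randomized_mac "$mac"; then kind=randomized; else kind=vendor-assigned; fi
      echo "NEW $mac $ip $kind"
      echo "$mac" >> "$baseline"
    fi
  done
}

# Demo: the router is already known, so only the second device is reported.
demo() {
  demo_file=$(mktemp)
  echo "3c:84:6a:11:22:33" > "$demo_file"
  printf '%s\n' "$SAMPLE_ARP" | report_new_devices "$demo_file"
  rm -f "$demo_file"
}
demo
```

For live use, feed it /proc/net/arp right after an nmap -sn sweep so the table is populated, and pass each output line to notify-send. A device reported as randomized may reappear under a different MAC on a later connection, so such entries deserve a manual look rather than a permanent baseline entry.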

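Answer 4

If your router does not have its own Linux-based router software (and you have not installed Wine (Windows emulation software)), then here is the latest from a Google search. https://openwrt.org/WRTproject is for developers, er!! No: users can replace the router firmware that came with their original router and customize their device. (And it is completely open source) https://vyos.io/ https://mikrotik.com/software (two other Linux-based router software packages (may require make (hint: your repository files ending in DEV to support libraries and OTM dependencies.)))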
