New network client notifier

This script listens to all broadcast messages captured with tcpdump and registers every newly discovered MAC address in a text table. It resolves the hostname by querying the WINS server and sends a mail notification about the newly discovered client's hostname to all configured recipients.

Required download: sendEmail

Script


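#!/bin/ksh
# Send a mail when a previously unseen MAC address sends a broadcast frame.
touch /tmp/mactable

network="192.168.1"
netbios="192.168.1.4"    # WINS server queried by nmblookup
smtp="mail.domain.nl:25"
from="discover@domain.nl"
to="user1@domain.nl"
cc="user2@domain.nl user3@domain.nl"

while true
do
 # Capture one broadcast frame; -e prints the link-level header with the source MAC.
 # The awk field numbers below depend on the output format of the installed tcpdump.
 data=`/usr/sbin/tcpdump -c 1 -e -l "(ether host FF:FF:FF:FF:FF:FF) and net $network" 2> /dev/null`
 mac=`echo "$data" | awk '{if ($2 ~ /:/) print $2}'`
 ip=`echo "$data" | awk '{if ($6 ~ /\./) print $6}'|cut -d. -f 1,2,3,4`
 echo "$mac"
 echo "$ip"
 if [ "$mac" != "" ] && [ "$ip" != "" ] ; then
  # Look the MAC up as a fixed string, and only once it is known to be non-empty.
  hit=`grep -iF "$mac" /tmp/mactable`
  if [ "$hit" = "" ] ; then
   # The name goes into its own variable so the WINS address in $netbios is not overwritten.
   nbname=`nmblookup -U "$netbios" -A "$ip"|awk '{if ($0~/<00>/ && $0!~/<GROUP>/) print $1}'`
   # $cc stays unquoted so that each address is passed as a separate argument.
   /usr/local/sbin/sendEmail -f "$from" -t "$to" -s "$smtp" -u "New MAC address on Guest wireless network: $mac with current ip $ip NetBios Name: $nbname" -m "New mac address has been found on the guest wireless network $mac - $ip\n NetBIOSName: $nbname" -cc $cc >/tmp/mactable.maillog 2>&1
   # Record the MAC only when the mail was sent, so a failed notification is retried.
   if [ "$?" = "0" ] ; then
    echo "$mac" >> /tmp/mactable
   fi
  fi
 fi
done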
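
The parse-and-register step of the script, as an added example that is not part of the original post: it validates the source MAC and sender IP taken from a captured line before anything is stored, and records each MAC once regardless of letter case. The function names, the NET and MACTABLE variables, the mktemp table file and the sample lines (constructed, in the layout current tcpdump releases print with -e -n) are assumptions.

```shell
# Added example: parsing and de-duplication only; no capture, no mail.
NET=${NET:-192.168.1.}            # same prefix as $network in the script
MACTABLE=${MACTABLE:-$(mktemp)}   # assumption: private table file via mktemp

# parse_line LINE: print "mac ip" for a valid broadcast frame, else nothing.
parse_line() {
    printf '%s\n' "$1" | awk -v net="$NET" '{
        mac = tolower($2)
        if (split(mac, o, ":") != 6) next               # not a MAC: drop
        for (j = 1; j <= 6; j++) if (o[j] !~ /^[0-9a-f][0-9a-f]$/) next
        ip = ""
        for (i = 3; i < NF; i++)                        # ARP: sender follows "tell"
            if ($i == "tell") { ip = $(i + 1); break }
        if (ip == "") for (i = 3; i <= NF; i++)         # IPv4: first src.port token
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) { ip = $i; break }
        if (split(ip, q, /[.,:]/) < 4) next
        for (j = 1; j <= 4; j++) if (q[j] !~ /^[0-9]+$/) next
        ip = q[1] "." q[2] "." q[3] "." q[4]
        if (index(ip, net) != 1) next                   # outside monitored net
        print mac, ip
    }'
}

# register_mac MAC: return 0 and record MAC if unseen, 1 if already known.
register_mac() {
    if grep -qixF -- "$1" "$MACTABLE"; then return 1; fi
    printf '%s\n' "$1" >> "$MACTABLE"
}

# process_capture: read capture lines on stdin, print "NEW mac ip" once per MAC.
process_capture() {
    while IFS= read -r line; do
        set -- $(parse_line "$line")    # output is validated, so splitting is safe
        [ $# -eq 2 ] || continue
        if register_mac "$1"; then printf 'NEW %s %s\n' "$1" "$2"; fi
    done
}

# Constructed sample lines in the `tcpdump -e -n` layout (not a real capture).
sample_capture() {
    cat <<'EOF'
10:15:01.000001 00:1a:2b:3c:4d:5e > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.168.1.1 tell 192.168.1.23, length 46
10:15:02.000002 00:1A:2B:3C:4D:5E > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 110: 192.168.1.23.137 > 192.168.1.255.137: UDP, length 68
10:15:03.000003 66:77:88:99:aa:bb > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 192.168.1.40.68 > 255.255.255.255.67: BOOTP/DHCP, Request, length 300
10:15:04.000004 IP 192.168.1.50.138 > 192.168.1.255.138: UDP, length 201
EOF
}

sample_capture | process_capture
```

The second sample line repeats the first MAC in upper case and produces no notification, and the fourth line, captured without the link-level header, is dropped because its second field is not a MAC address.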
