Netwatcher.php
I plug a lot of devices in and out of the GeekLabs (and other) networks, many of which don't have a display. I was constantly diffing nmap scans to see what was new or missing. This evolved into a simple PHP script that keeps track of MAC addresses it's seen before, and display them. It abuses JSON format files as a flat database, with known.json being stuffed with CR's so you can edit it easily. Why did I do it this way? A variant of this can run easily on the hundreds of endpoints I help manage, that are already running some PHP code, so his fits in very well.
Instructions:
You may note it made some files. You can delete these at any time and it will recreate them.
- Download the file: netwatcher.php.txt and rename it netwatcher.php (or whatever)
- Edit it, at the top you can put in the network block you want to monitor (192.168.1.0/24 for example)
- As root, run it:
php ./netwatcher.php
- watched.log - A timestamped log off lost and found devices
- watched.json - What it saw last time it ran, stored for comparison for next time
- known.json - Edit this file with what you know about the found devices. Keep notes, name your devices. This file is persistent until you delete it.
I'll suggest that you should run it a few times, add system names/descriptions to known.json and then next time you are looking for something: run it again. There might be some value in automating it and adding notifications via email or text, but on most networks you'll see a lot of chatter.
This code is egoware : If you like it: let me know. If you don't: delete it.