In development - addon to monitor connected devices:

[bibikalka]

Following the discussion in this link, @rung agreed to share his existing scripts that do this.

 

[rung]

No problem sharing. Sent a DM on best way to share.

Okay, sharing in a box below. Note the script was built over time and is quite a mess. Note my sig for my setup that it works with. Any suggestions to improve would be very much appreciated! Feel free to ask what/why for any part since it has no documentation.

#!/bin/sh

crut="19 */3 * * *"
totalclients=0
bridgecount=0
uh=0

fn=$(readlink -f "$0")
dn=$(dirname "$fn")
knownmacs=$dn/knownmacs.txt


if [ "$1" == "-c" ]; then
    if ! cru l | grep -q "view_bridge"; then
        echo "Creating Cron job"
        cruc="$fn -l >/dev/null 2>&1"
            cru a view_bridge "$crut $cruc"
        exit 0
    else
        echo "Deleting Cron Job"
        cru d view_bridge
        exit 0
    fi
fi

if [ "$1" == "-s" ]; then
    echo "Saving unknown hosts"
    sh=1
else
    sh=0
fi
bridges=$(brctl show | awk 'NF>1 && NR>1 {print $1}')

[ -f $knownmacs ] || touch $knownmacs
cp /var/lib/misc/dnsmasq.leases /tmp/leases.txt
sed -i s/*/UNKNOWN/ /tmp/leases.txt
arp > /tmp/arp.txt

#create tracking file
grep '*' $knownmacs  | awk '{print $1,$2}' > /tmp/tracking.txt

#see if online file exists, do first pass check if so
[ -f /tmp/online2.txt ] && cp /tmp/online2.txt /tmp/online.txt

if [ -f /tmp/online.txt ]; then
    while read clientmac clientname
    do
            clientip=$(grep $clientmac /tmp/online.txt | awk '{print $2}')
            if ! [ -n "$clientip" ]; then
            clientip=$(grep $clientmac /tmp/arp.txt | tail -n 1 | awk -F'[)( ]' '{print $3 }')
            if [ -n "$clientip" ]; then
                echo "Pinging $clientip"
                ping -W 3 -c 1 -q  $clientip > /dev/null
                rc=$?
                if [ "$rc" -ne 0 ]; then
                    echo "Return code: $rc"
                    arp-scan -I br0 -T $clientmac $clientip --numeric --quiet
                fi
            fi
            fi
    done < /tmp/tracking.txt
fi

#reset online file
echo "" > /tmp/online.txt

for bridge in $bridges; do
    bridgecount=$(($bridgecount+1))
    echo -e "\t\tBridge" $bridgecount":" $bridge
    clientmacs=$(brctl showmacs $bridge  | awk 'NR>1 {print $2 }')
    clientcount=0
    for clientmac in $clientmacs; do
        clientip=$(grep $clientmac /tmp/arp.txt | tail -n 1 | awk -F'[)( ]' '{print $3 }')
        if [ -n "$clientip" ]; then
            clientname=$(grep " "$clientip" " /tmp/leases.txt | awk '{ print $4 }')
            if [ -z $clientname ]; then
                clientname="UNKNOWN"
            fi
            clientcount=$(($clientcount+1))
            if grep -q $clientmac $knownmacs; then
                kn=""
                clientname=$(grep $clientmac $knownmacs | awk '{print $2}')
                echo $clientmac $clientip $clientname >> /tmp/online.txt
            else
                if [ "$sh" -eq 1 ]; then
                    echo $clientmac $clientname >> $knownmacs
                    kn="Saving unknown host"
                else
                    kn="HOST UNKNOWN!"
                    uh=1
                    if [ "$1" == "-l" ]; then
                        logger -t "view_bridge" "Unknown client found! MAC:" $clientmac "IP:" $clientip "Host name:" $clientname
                    fi
                fi
            fi
            printf "%-17s %-15s %-15s %-15s\n" $clientmac $clientip $clientname "$kn"
        fi
    done
    totalclients=$(($totalclients+$clientcount))
    echo -e "\tBridge client count:" $clientcount "\n"
done

echo "Total clients:" $totalclients
if [ $uh -eq 1 ]; then
    echo "Unknown host(s)!"
    echo "Call with option -s to accept all unknown hosts"
else
    if [ "$1" == "-l" ]; then
        logger -t "view_bridge" "No new clients found"
    fi
fi

echo ""

while read clientmac clientname
do
        clientip=$(grep $clientmac /tmp/online.txt | awk '{print $2}')
        if ! [ -n "$clientip" ]; then
        clientip=$(grep $clientmac /tmp/arp.txt | tail -n 1 | awk -F'[)( ]' '{print $3 }')
        if [ -n "$clientip" ]; then
            echo "Pinging $clientip"
            ping -W 3 -c 1 -q  $clientip > /dev/null
            rc=$?
            echo "Return code: $rc"
        else
                    echo "Client offline! MAC:" $clientmac "Host name:" $clientname
                    if [ "$1" == "-l" ]; then
                 logger -t "view_bridge" "Client offline! MAC:" $clientmac "Host name:" $clientname
                    fi
        fi
        fi

done < /tmp/tracking.txt

echo ""

Decided to add the format of the "knownmacs.txt" file:

44:42:xx:xx:xx:xx EchoShow *
48:43:xx:xx:xx:xx FireTablet

The asterisk is used to indicate that the client should always be online.

Also using an Entware package to get the tool called arp-scan. This is used to refresh the arp table with a PC that is sleeping when ping doesn't work.


Rung

 

[bibikalka]

@rung - much appreciated!

I ran it. It looks to update known MAC addresses as a list. I guess it could dump unknown ones into a different list? Until one requests to put this into the known list.

Probably it could read ether:name pairs also from a user supplied list? Otherwise it finds too many unknowns in there.

 

[rung]

Just run it with the -s option. Then start editing the knownmacs.txt file with names with the macs you recognize. Then track down the unknown until they are known!

 

[rung]

By the way, once you have your knownmacs.txt file set up, you can add the asterisks to clients that should always be online. You can then call the script with the -c option to add a cron job to call the script every couple of hours. The system log will report any new unknown macs or if any of the online clients are now offline.