Find the answer to your Linux question:
Results 1 to 5 of 5
hello, how could I write a script that warns me or alerts me when someone besides me enters my wireless network ? I guess I could use nmap -v -A ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Nov 2009
    Posts
    29

    bash script


    hello,

    how could I write a script that warns me or alerts me when someone besides me enters my wireless network ?
    I guess I could use nmap -v -A 192.168.0.255/24 in a while 1 loop and then parse the result, but my understanding of bash scripting is not good enough so I come here for help.

    Thanks

  2. #2
    Linux Guru sdousley's Avatar
    Join Date
    Feb 2004
    Posts
    1,790
    not sure what the -A option is supposed to achieve, but from your own machine, there's no reliable way to do this, the best way would be to setup something on your router (if it supports it).

    Reason I state this is that generally nmap will require a port to be open, or ping to respond to realise something's on that IP address.

    The other option though also not reliable, would be to parse the output of your arp table, looking for new/updated entries.
    "I am not an alcoholic, alcoholics go to meetings"
    Registered Linux user = #372327

  3. #3
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    Going off what sdousley said, if your router supports rsyslog (redirecting its internal syslog to a remote PC running rsyslogd) then you could set up a Linux box to receive its log and hopefully, the connection attempts would show up in there somehow. My SMC Barricade supports this and I do it at home, though I never thought to parse it for nosy neighbors, etc. - not sure if the details in the log would be sufficient.

  4. #4
    Linux Guru sdousley's Avatar
    Join Date
    Feb 2004
    Posts
    1,790
    Quote Originally Posted by atreyu View Post
    not sure if the details in the log would be sufficient.
    I guess this depends on the router most likely, but I'd imagine you're only likely to be seeing DHCP requests for something like this, and even then, you're only likely to get a MAC address, which, unless you know all your neighbours MAC addresses, you're unlikely to combat (unless you can block connections based on MAC).

    Saying that though, if you want to make it harder for people to piggy back your connection, try setting your internal range to something totally random (192.168.rand(1-254).0/24 and disabling DHCP. Not entirely fool proof, but will add an element of security.
    "I am not an alcoholic, alcoholics go to meetings"
    Registered Linux user = #372327

  5. #5
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    I double-checked my SMC Barricade router, and you're right - it only showed DHCP requests.

    My verizon cable modem router syslog showed a whole load of info, though, but I did not see any wireless connection attempts (but I didn't look very hard). But I did NOT see an rsyslog feature on it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •