This app scans the network every x minutes and records every available device by its MAC address. This information is stored in ElasticSearch and plotted on a timeline.
This is especially interesting for mobile devices: it shows you when a device was online, and thus within WiFi range. Devices are recognized by their MAC address, so even if you use a DHCP server with short lease times, the app always knows which IP belongs to the device.
Scanning is done by Nmap. Nmap knows the vendor of most MAC addresses, but the app is also connected to the MACVendorLookup API, which has a more up-to-date vendor database. This makes it easy to know what kind of device it is.
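How keying on the MAC address survives a changed DHCP lease, shown as an added example that is not this project's code. It assumes the XML that a privileged ping scan (`nmap -sn -oX - <network>`) prints; the scan data, addresses, vendor name and the `parseScan` helper are constructed for illustration.

```php
<?php
// Added example, not this project's code. Assumes each scan is the XML that
// `nmap -sn -oX - <network>` prints when run as root on the local segment.
// Constructed sample data: the same phone gets a new DHCP lease between scans.
$scans = array(
    '10:00' => '<nmaprun>'
        . '<host><status state="up"/><address addr="192.168.1.5" addrtype="ipv4"/></host>'
        . '<host><status state="up"/><address addr="192.168.1.23" addrtype="ipv4"/>'
        . '<address addr="02:00:00:AA:BB:01" addrtype="mac" vendor="ExampleVendor"/></host>'
        . '</nmaprun>',
    '10:05' => '<nmaprun>'
        . '<host><status state="up"/><address addr="192.168.1.57" addrtype="ipv4"/>'
        . '<address addr="02:00:00:aa:bb:01" addrtype="mac" vendor="ExampleVendor"/></host>'
        . '</nmaprun>',
);

// Return MAC => IP for every host Nmap reported as up in one scan.
function parseScan($xml)
{
    $devices = array();
    $doc = simplexml_load_string($xml);
    if ($doc === false) {
        return $devices; // unreadable output: record nothing for this scan
    }
    foreach ($doc->host as $host) {
        if ((string) $host->status['state'] !== 'up') {
            continue;
        }
        $found = array();
        foreach ($host->address as $address) {
            $found[(string) $address['addrtype']] = (string) $address['addr'];
        }
        // No MAC entry: the scanning host itself, a host behind a router,
        // or an unprivileged scan. Such hosts cannot be tracked across leases.
        if (isset($found['mac'])) {
            $devices[strtoupper($found['mac'])] = isset($found['ipv4']) ? $found['ipv4'] : null;
        }
    }
    return $devices;
}

// Build MAC => list of "time ip" sightings across all scans.
$timeline = array();
foreach ($scans as $time => $xml) {
    foreach (parseScan($xml) as $mac => $ip) {
        $timeline[$mac][] = "$time $ip";
    }
}
print_r($timeline);
```

The phone appears as one timeline entry with two different IPs, while the host at 192.168.1.5 is dropped because Nmap reported no MAC address for it.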
- PHP >= 5.4
- Nmap >= 6.0
- Sudo/root rights for the scanner
- SQLite 3.x
- PDO SQLite PHP extension
- Curl PHP extension
- ElasticSearch >= 0.90
or if you want to use the Vagrant box:
- VirtualBox >= 4.1
- Vagrant >= 1.2
I've created a Vagrant box that automatically starts scanning the network when you start it.
- Clone/download this repo and install the dependencies using composer:
    php composer.phar install
- Start the box. For scanning it needs to have a bridged interface:
    vagrant up
- The default timezone is UTC. If you want to change this, run these commands:
    vagrant ssh                     # SSH into the Vagrantbox
    sudo dpkg-reconfigure tzdata    # change the timezone
    exit                            # leave the Vagrantbox
    vagrant reload                  # restart the Vagrantbox to make sure the new timezone is used
- The scanner and webinterface will be started by supervisor.
- After a few minutes you should see the scan results on http://127.0.0.1:9999
- Check the following logs for any issues:
    sudo tail -f /var/log/supervisor/*
To install manually, without the Vagrant box:
- Clone/download this repo and install the dependencies using composer:
    php composer.phar install
- Make sure you have Nmap installed:
    apt-get install nmap
- Make sure you have ElasticSearch installed.
- Copy config/app/config.yml-dist to config/app/config.yml
- If you want to look up the vendor, get the API key from http://www.macvendorlookup.com/api. Fill in your e-mail address and choose JSON as output format.
- Change the network and interval of the scan to your needs.
- Let Doctrine create the database:
    php vendor/bin/doctrine orm:schema-tool:create
- Run the scanner (as root, possible with sudo):
    php cli/command.php scanner
- You can use the built-in webserver from PHP 5.4 to run the webinterface:
    ./run
- After the scanner has found the first results, you can see them at http://127.0.0.1:9999/graph
I'm trying to keep the development going on this project. There's still a lot to do:
- Use ElasticSearch as storage
- Add unit tests
- Make API to find out if the device is available at the moment
- Generate data/chart per device with available/offline times
- Aggregate the results of devicelogs to timeblocks and cleanup devicelogs
- Use Phing or Make to install
- Handle state when there are no devicelogs yet
- Add datepicker for timeline graph
- Support Kismet as scanning tool
- Use Events to handle the scanner command
- Use the elasticsearch puppet module
- Add the ability to get a notification with Pushbullet when a device is discovered