Open broizter opened 1 year ago
I believe it your benefit some home users and small companies witch can check new devices added to the network and identify possible rogue equipment.
This is definitely the feature I'd need to be make this viable for my usecase.
I currently use PiHole + Unifi console to fulfil this job on five subnets, so it'd be nice to have a GUI and have a dedicated tool for this job.
Although, thinking about it, not quite sure how you'd get arpscan to scan multiple subnets without some weird network-foo. Maybe IPVLAN or MACVLANs (e.g. this or this?)
I'm thinking about replacing arp-scan with my own tool, but that needs time and some research
Instead of arp, would listening for dhcp be a potentially better solution?
I am able to scan multiple subnets by putting the container on multiple vlans/networks
AFAIK: ARP can only get neighboring nodes, so only for those subnet its part of, it can't go into a different network and query that table. Maybe this could be implemented by changing the backend from arp-scan to nmap (e.g. nmap -sn 10.42.0.0/24 )?
I think my question fits in this topic. I am using docker-compose to start WYL. As interface I have put eth0 and it finds only devices in 172.x.x.x network which I think are the docker interfaces. What I need is to scan for all the subnets I have in my network: 192.168.28.0/24, 10.0.107.0/24 and 10.0.208.0/24. Can this be done?
Is this gonna happen?
I haven't taken a look at the actual code but moving over to nmap should in theory not be too difficult and would allow scanning multiple subnets. I have made my own script that does this and notifies if it detects new devices. It's rudimentary but works well. https://github.com/broizter/openwrt-device-scanner/blob/main/device-scanner.sh
And it's possible to scan /16 network ?
This might be out of scope for the project though since arp-scan is limited to the local network only.