search

leiweibau / Pi.Alert

Scan the devices connected to your WIFI / LAN and alert you the connection of unknown devices. It also warns if a "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose HTTP status codes and the response time of the service are evaluated.
https://leiweibau.net
GNU General Public License v3.0
406 stars 28 forks source link

WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory #203

Closed TheCableGuy99 closed 10 months ago

TheCableGuy99 commented 10 months ago

Hi,

I ran a manual scan from the cli and noticed several notifications of this error, should I be concerned or can it be ignored?



Pi.Alert  (2023-10-23)
---------------------------------------------------------
Current User: root

Scan Devices
    Timestamp: 2023-11-03 01:35:00

Scanning...
    arp-scan Method...
    arp-scan: Multiple interfaces
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
WARNING: Cannot open MAC/Vendor file /usr/share/arp-scan/ieee-iab.txt: No such file or directory
    Pi-hole Method...
        ...Skipped
    DHCP Leases Method...
        ...Skipped
    Fritzbox Method...
        ...Skipped
    Mikrotik Method...
        ...Skipped
    UniFi Method...
        ...Skipped

Processing scan results...
    Processing ignore list...
        Delete 0 ignored devices from scan on appearance
    Devices Detected.......: 75
        arp-scan Method....: 73
        Pi-hole Method.....: +0
        Fritzbox Method....: +0
        Mikrotik Method....: +0
        UniFi Method.......: +0
        New Devices........: 0

    Devices in this scan...: 75
        Down Alerts........: 0
        New Down Alerts....: 0
        New Connections....: 2
        Disconnections.....: 5
        IP Changes.........: 0

Updating DB Info...
    Sessions Events (connect / discconnect) ...
    Creating new devices...
    Updating Devices Info...
        Trying to resolve devices without name...
        Names updated:   0
    Voiding false (ghost) disconnections...
    Pairing session events (connection / disconnection) ...
    Creating sessions snapshot...
    Skipping repeated notifications...
    Calculate Activity History...

Start ICMP Monitoring...
    Get Host/Domain List...
        List contains 0 entries
    Flush previous ping results...
    Ping Hosts...
    No Hosts(s) to monitor!

Reporting...
    Formating report...
    No changes to report...
    Notifications: 0

Reporting (ICMP Monitoring) ...
    No changes to report...

DONE!!!```

Thanks
leiweibau commented 10 months ago

Have you checked /usr/share/arp-scan/ ?

What happens when you run the command sudo get-oui -v on your Pi.Alert host?

TheCableGuy99 commented 10 months ago

Hey,

I checked that directory and it's got similar files but not the exact one it's looking for:


total 2208
drwxr-xr-x   3 root root    4096 Nov  2 23:11 .
drwxr-xr-x 118 root root    4096 Nov  2 23:10 ..
drwxr-xr-x   2 root root    4096 Jul  5 09:20 2_backup
-rw-r--r--   1 root root  140454 Oct 30 03:00 ieee-iab.txt.bak
-rw-r--r--   1 root root 1049138 Nov  2 23:11 ieee-oui.txt
-rw-r--r--   1 root root 1047891 Oct 30 03:00 ieee-oui.txt.bak
-rw-r--r--   1 root root    2032 Feb 10  2021 mac-vendor.txt```

Output from the command:
```root@pialert:/usr/share/arp-scan# sudo get-oui -v
Renaming ieee-oui.txt to ieee-oui.txt.bak
Fetching OUI data from file://var/lib/ieee-data/oui.txt
Fetched 5606330 bytes
Opening output file ieee-oui.txt
34575 OUI entries written to file ieee-oui.txt```

Thanks.
TheCableGuy99 commented 10 months ago

I get the impression your reply is supposed to have opened my eye to the problem but I'm still not sure how to resolve this?

leiweibau commented 10 months ago

Please rename the file "ieee-iab.txt.bak" in the directory to "ieee-iab.txt".

The warning should then disappear. The vendor update script does not actually touch this file any more.

With my question I actually wanted to ask whether incorrect permissions could play a role

TheCableGuy99 commented 10 months ago

Worked like a charm, thank you mate :)