leiweibau / Pi.Alert

Scan the devices connected to your WIFI / LAN and alert you the connection of unknown devices. It also warns if a "always connected" device disconnects. In addition, it is possible to check web services for availability. For this purpose HTTP status codes and the response time of the service are evaluated.
https://leiweibau.net
GNU General Public License v3.0

[Bug] Error when looking for Rogue DHCP #313

Closed sgr78 closed 4 months ago

sgr78 commented 4 months ago

Hello, maybe it's me and I have overlooked something, a configuration issue, or maybe it is a PiAlert issue; here it goes. I have had this issue for a long time (six months or more, and I am still researching it). I have two instances of PiAlert, one for production and one for tests. The first instance is a VM with no issues at all, and the second one is a bare deployment on a Pi 5 with Pi OS Lite. On the Pi 5 I have two interfaces, eth0 and wlan0, which are both actively connected for redundancy, with a preset IP pool based on MAC address from my main router; the Pi itself is set to AUTO, sends the request properly and gets an offer.

The Issue is when the Rogue DHCP runs I always get on the Pi 5

Looking for Rogue DHCP Servers...
    Detection Error

I have run the following, and all of it completed successfully with no errors at all:

nmap --script broadcast-dhcp-discover
nmap --script broadcast-dhcp-discover -e eth0
nmap --script broadcast-dhcp-discover -e wlan0
dhclient -d -nw eth0
dhclient -d -nw wlan0
ip route | grep default

I also peeked at the Rogue DHCP section of the pialert source code and ran nmap --script broadcast-dhcp-discover 2>/dev/null | grep "Server Identifier", which also completed successfully and returned, as expected, two Server Identifiers because of eth and wlan (with the same DHCP server IP, as both are connected to the same network).

Yes, I have tried disabling one of the two IFs, just to test whether the issue is caused by multiple enabled IFs with multiple DHCPs (even though it is the same server on both), but no dice...

I'm running out of ideas here, and any help/guidance will be very welcome and appreciated!

leiweibau commented 4 months ago

The "Detection Error" error is output if the "validate_dhcp_address" function returns a "False", i.e. it is not a valid IPv4 address according to the function. It would now be useful to check what output the command sudo nmap --script broadcast-dhcp-discover 2>/dev/null | grep "Server Identifier" | awk '{ print $4 }' returns for the device in question and what the difference is to the other device.

sgr78 commented 4 months ago

It works on both systems. On the VM with one IF, I get only one IP response: 10.10.10.1. On the Pi 5, I get two similar IPs (the same DHCP server as above, but twice, due to eth and wlan being actively connected), with no errors at all.

10.10.10.1
10.10.10.1

I expected to get a message in PiAlert like

DHCP server found: IP address
Too many or Duplicate DHCP address

Instead I only get Detection Error...

leiweibau commented 4 months ago

No, if a DHCP IP is entered several times, this should not really be a problem, as I read the results with the addition "DISTINCT" after I have written them to the database. This means that there are no "duplicate" entries. As I said, the error comes from the IP validation function.

You could make a database backup after the scan and then download it. You could then use a tool like "DB Browser for SQLite" to look at the "Nmap_DHCP_Server" table in the database to see what is in there.

As a quick fix, you can also try the following (this is not the solution to the problem, only a workaround):

Search for the following section in pialert.py in the "pialert/back/" directory:

def validate_dhcp_address(ip_string):
   try:
       ip_object = ipaddress.ip_address(ip_string)
       return True
   except ValueError:
       return False

Replace it with this section:

def validate_dhcp_address(ip_string):
   return True

sgr78 commented 4 months ago

The Nmap_DHCP_Server dhcp_server table reads 10.10.10.110.10.10.1, the two IPs "bonded" together.

I have edited pialert.py as per your instructions and replaced the section with

def validate_dhcp_address(ip_string):
   return True

Will report back as soon as I get results.

leiweibau commented 4 months ago

Okay 10.10.10.110.10.10.1 is def. wrong

sgr78 commented 4 months ago

> Okay 10.10.10.110.10.10.1 is def. wrong

and just got a message in a Noice Red Background

Rogue DHCP Server
Detected Server(s): 10.10.10.110.10.10.1

UPD. Meanwhile Scan Completed and results are

Looking for Rogue DHCP Servers...
    One DHCP Server detected......: 10.10.10.110.10.10.1(invalid)

leiweibau commented 4 months ago

Now that we know where the error is, you can undo the change. I now have to see how I can prevent this error with the connected IP addresses.

sgr78 commented 4 months ago

> Now that we know where the error is, you can undo the change. I now have to see how I can prevent this error with the connected IP addresses.

Thanks, glad to be of help and glad that a solution is on the way!! 👍

leiweibau commented 4 months ago

> and glad that a solution Is on the way

I haven't written anything about a solution yet 😉

leiweibau commented 4 months ago

Background: With the scan, I have so far assumed that only one DHCP server is output. With the expected result, I remove the line break. However, since in your case (several interfaces) 2 servers are output, the line break is removed here, which leads to this "invalid" IP.
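
The failure described in this comment, reproduced as an added example (not Pi.Alert's code and not the fix from the linked commit). `validate_dhcp_address` is the function quoted earlier in the thread; `parse_joined`, `parse_per_line` and the sample output are constructed for illustration.

```python
import ipaddress

# Constructed sample: what the nmap | grep "Server Identifier" | awk '{ print $4 }'
# pipeline from the thread prints on a host with two active interfaces.
SAMPLE_OUTPUT = "10.10.10.1\n10.10.10.1\n"


def validate_dhcp_address(ip_string):
    """Same check as the function quoted in the thread."""
    try:
        ipaddress.ip_address(ip_string)
        return True
    except ValueError:
        return False


def parse_joined(output):
    """Failure mode: line breaks are removed and the whole output is
    treated as a single address, so two lines fuse into one string."""
    return output.replace("\n", "")


def parse_per_line(output):
    """Treat every line as its own candidate: drop blanks, de-duplicate
    while keeping order, and validate each entry separately."""
    seen = []
    for line in output.splitlines():
        candidate = line.strip()
        if candidate and candidate not in seen:
            seen.append(candidate)
    return [(ip, validate_dhcp_address(ip)) for ip in seen]


if __name__ == "__main__":
    joined = parse_joined(SAMPLE_OUTPUT)
    print("joined   :", joined, "valid" if validate_dhcp_address(joined) else "invalid")
    for ip, ok in parse_per_line(SAMPLE_OUTPUT):
        print("per line :", ip, "valid" if ok else "invalid")
```

Validating per line also keeps one malformed line from hiding a second, genuinely different DHCP server reported in the same scan.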

leiweibau commented 4 months ago

Can you try this fix?

https://raw.githubusercontent.com/leiweibau/Pi.Alert/d32a914dd67ea16a634a01754f7b49c3425b0862/back/pialert.py

sgr78 commented 4 months ago

> Can you try this fix?
>
> https://raw.githubusercontent.com/leiweibau/Pi.Alert/d32a914dd67ea16a634a01754f7b49c3425b0862/back/pialert.py

On it, applied it and patiently waiting!

UPD. Results after two consecutive scans

Looking for Rogue DHCP Servers...
    Multiple DHCP Servers detected:
    Detection Error
        10.10.10.1 (valid)

I will try to clear the dhcp_server table, let it make two runs to get some more "clear" results, and will update if the detection error message disappears.

leiweibau commented 4 months ago

> Detection Error

Can you take another look at the table in the database to see what it says?

sgr78 commented 4 months ago

> > Detection Error
>
> Can you take another look at the table in the database to see what it says?

It was showing only one entry per line, BUT I proceeded and cleared the table and re-uploaded the modded DB. It has been three or four runs now and the issue seems to be gone.

Looking for Rogue DHCP Servers...
    One DHCP Server detected......: 10.10.10.1 (valid)

I have redownloaded the database and inspected the table. It has now populated more rows (31) than before (12), with single IP entries. I guess the cleanup did help...

UPD. Fifth Run going for the sixth, all's well! 👍👌

UPD. Sixth everything seems smooth!

leiweibau commented 4 months ago

Excellent. I will release this fix with the next update

sgr78 commented 4 months ago

> Excellent. I will release this fix with the next update

Thank you, glad to be of help!