LAN 网络上有新 WiFi 设备时发出警告

Question

我通过以太网连接。但几乎所有其他设备都使用 WiFi。是否可以在 Ubuntu 22.04 中获取连接到我的路由器的设备列表？如果有某种方法可以在新设备连接到 WiFi 网络时发出警报，那就太好了。

编辑 1：有趣的arp -a是提供了更多详细信息，但没有提供设备信息。一些内部 IP 和 MAC ID。

编辑2：我认为可以通过以下方式获得更多详细信息，arp -a因为我运行了@Raffa 共享的nmap命令。

编辑 3：已经有一个名为Nutty的工具可以执行此操作，但上次发布是 2019 年。

Answer 1

我希望这有帮助或至少有教育意义:-) ...它应该作为bash脚本运行...它用于notify-send通知：

\n

#!/bin/bash\n\n# Start the main loop\nwhile true; do\n  # Change "10.0.0.0/24" to your network address and your netmask e.g. "192.168.1.0/24"\n  # Use "nmap" to get discoverable devices on the network and parse the output to get only those with resolvable hostnames into an arry "a"\n  readarray -t a < <(nmap -sn 10.0.0.0/24 | awk \'/Nmap scan report for/ && NF == 6 {print $((NF-1)), $NF}\')\n  # To get even devices with un-resolvable/empty/unset hostnames, comment the above line and uncomment the below line\n  # readarray -t a < <(nmap -sn 10.0.0.0/24 | awk \'/Nmap scan report for/ {print $5, $6}\')\n  # Loop over items in array "a"\n  for item in "${a[@]}"; do\n    # Get device\'s MAC address from the already updated arp table\n    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" | awk \'/.*:.*:.*:.*:.*:.*/{printf "%s", $3}\')\n    # Compare items to array "b" and send notification for recently connected devices.\n    [[ ! "${b[*]}" =~ "${item}" ]] && notify-send -i network-wired "Connected device:" "Hostname (IP) MAC:\\n ${item} ${mac}"\n    done\n  # Loop over items in array "b" ... Notice this array is not initially declared for simplicity and shortness.\n  for item in "${b[@]}"; do\n    # Compare items to array "a" and send notification for recently disconnected devices.\n    [[ ! "${a[*]}" =~ "${item}" ]] && notify-send -i network-error "Disconnected device:" "Hostname (IP):\\n ${item}"\n    done\n    # Copy array "a" to array "b"\n    b=("${a[@]}")\n    # Wait N seconds before continuing the main loop\n    sleep 60\n  done\n

\n

上述脚本的终端显示版本（具有额外功能）如下所示：

\n

#!/bin/bash\n\n# This script depends on these commands/utilities (mktemp, nmap, awk, arp, column, sort, nl and notify-send)\n\nnts="1" # Set this to "1" to enable sending desktop (notify-send) notifications on new or disconnected devices or to "0" to disable it.\nnetwork="10.0.0.0/24" # Change "10.0.0.0/24" to your network address and your netmask e.g. "192.168.1.0/24"\nsi="60" # Scan interval in seconds. Lower is NOT always better (between "30" and "300" is recommended for "/24" subnet). Devices are discovered at this interval and considered disconnected 3X this interval. \nlogfile="$HOME/NetworkDevicesMonitor.log" # Pathe to the log file. It will be created if it dosen\'t exist.\n# Path to Nmap MAC prefixes file on your system (It comes with nmap when installed). This is the default path and should work fine:\npdb="/usr/share/nmap/nmap-mac-prefixes"\n\n\n### Don\'t edit below this line unless you know what you\'re doing ###\n# Create a temporary file with "mktemp"\ntmpfile=$(mktemp)\n# Start the main loop\nwhile true; do\n  # Clear the temporary file\n  > "$tmpfile"\n  # Use "nmap" to get discoverable devices on the network and parse the output into an arry "a"\n  readarray -t a < <(nmap -sn "$network" | \\\n  awk \'/Nmap scan report for/ && (NF == 6) {print $5, $6} /Nmap scan report for/ && (NF == 5) {print "Unavailable", "("$5")"}\')\n  # Loop over items in array "a"\n  for item in "${a[@]}"; do\n    # Get device\'s MAC address from the already updated arp table\n    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" 2> /dev/null | awk \'/.*:.*:.*:.*:.*:.*/{printf "%s", $3}\'); [[ -z "$mac" ]] && mac="Unknown"\n    # Lookup vendor\n    if [[ "$mac" == "Unknown" ]]; then\n      vendor="$mac"\n    else\n      awmac="${mac//:}"\n      awmac="${awmac:0:6}"\n      vendor=$(awk -v mac="${awmac}" \'BEGIN{IGNORECASE=1} $1 == mac {for(i=2;i<NF;++i) printf "%s_", $i; printf "%s", $NF }\' "$pdb")\n    fi\n    [[ -z "$vendor" ]] && vendor="Unavailable"\n    # Compare items to array "b" and write new and connected devices to file (and send notifications if enabled).\n    if [[ ! "${b[*]}" =~ "${item}" ]] && [[ ! "${c[*]}" =~ "${item}" ]] && [[ ! "${d[*]}" =~ "${item}" ]]; then\n      echo -e "1 \\U2191 New ${item} ${mac} ${vendor}" >> "$tmpfile"\n      echo -e "[$(date)] \\U2191 Connected: ${item} ${mac} ${vendor}" >> "$logfile"\n      [[ "$nts" == 1 ]] && notify-send -u critical -i network-wired "New device:" "${item}\\n${mac}\\n${vendor}\\n$(date)"\n    else\n      echo -e "3 \\U2194 Connected ${item} ${mac} ${vendor}" >> "$tmpfile"\n      fi\n    done\n  # Loop over items in array "d" ...\n  for item in "${d[@]}"; do\n    # Get device\'s MAC address from the already updated arp table\n    ip=${item#*(}; ip=${ip%)*}; mac=$(arp -n "$ip" 2> /dev/null | awk \'/.*:.*:.*:.*:.*:.*/{printf "%s", $3}\'); [[ -z "$mac" ]] && mac="Unknown"\n        # Lookup vendor\n    if [[ "$mac" == "Unknown" ]]; then\n      vendor="$mac"\n    else\n      awmac="${mac//:}"\n      awmac="${awmac:0:6}"\n      vendor=$(awk -v mac="${awmac}" \'BEGIN{IGNORECASE=1} $1 == mac {for(i=2;i<NF;++i) printf "%s_", $i; printf "%s", $NF }\' "$pdb")\n    fi\n    [[ -z "$vendor" ]] && vendor="Unavailable"\n    # Compare items to array "a" and write disconnected devices to file (and send notifications if enabled).\n    if [[ ! "${a[*]}" =~ "${item}" ]] && [[ ! "${b[*]}" =~ "${item}" ]] && [[ ! "${c[*]}" =~ "${item}" ]]; then\n      echo -e "2 \\U2193 Disconnected ${item} ${mac} ${vendor}" >> "$tmpfile"\n      echo -e "[$(date)] \\U2193 Disconnected: ${item} ${mac} ${vendor}" >> "$logfile"\n      [[ "$nts" == 1 ]] && notify-send -u critical -i network-error "Disconnected device:" "${item}\\n${mac}\\n${vendor}\\n$(date)"\n      fi\n    done\n    # Copy to redundant arrays "c" and "d" used for more reliable status and notification\n    d=("${c[@]}")\n    c=("${b[@]}")\n    # Copy array "a" to array "b"\n    b=("${a[@]}")\n    # Clear the terminal\n    clear\n    # Format and write output\n    sort -k1 "$tmpfile" | nl | column -t -N \'#,s,*,Status:,Hostname:,(IP):,MAC:,Vendor:\' -H \'s\'\n    # Wait N seconds before continuing the main loop\n    sleep "$si"\n  done\n

\n

注意事项：

\n

\n

• 还有一些替代的脚本方法，其中一些需要使用sudo更高的权限，例如，nmap如果以 root \xe2\x80\xa6 身份运行，它本身将打印 MAC 地址，但是我不惜一切代价避免了这些方法，并使用了不\xe2\ 的安全解决方法x80\x99t 需要以 root \xe2\x80\xa6 身份运行 It\xe2\x80\x99s 还值得注意的是，您的问题和其他问题中链接的示例应用程序依赖并使用nmap in the background \xe2\x80\xa6 So, when all roads lead to Rome as such, I usually advocate the shortest, safest and straightest one :-).

  \n
\n

• Arp（地址解析协议）表已在大多数支持网络的操作系统（包括 Ubuntu）上实现并可用（cat /proc/net/arp会给您一个想法），您可以轻松快速地查询它们 \xe2\x80\xa6 但是，在您的用例中需要了解的重要事项是新连接到网络的设备不一定会立即/立即添加到这些 arp 表 \xe2\x80\xa6 您的主机需要与这些设备通信并交换 arp 数据包（例如，通过向它们发送 arp 请求或回显请求）它的 arp 表会相应地更新...这里也有有用的信息。

  \n
\n

• Nowadays and by default, devices change their MAC addresses to random ones and/or hide their host/device names when they connect to different networks ... It\'s considered a security/privacy feature and it can usually be disabled/enabled under network connections settings.

  \n
\n

\n