  • Stars: 110
  • Rank: 316,770 (Top 7 %)
  • Language: Shell
  • License: MIT License
  • Created almost 7 years ago
  • Updated almost 7 years ago


Repository Details

A command line tool to detect new, unknown devices on your network using the ARP protocol

Net Guard

A command line tool to detect possible malicious activity on your network using the ARP protocol. Maybe someone is hacking your network! Alerts are sent via email.

Features

  • Detection of unknown devices
  • Detection of devices in promiscuous mode (approach taken from here)

Install

Mac

On Mac, install arp-scan:

brew install arp-scan

Configure mail on the terminal; here's a tutorial on Gmail

Other Platforms:

TODO. PRs are welcome :)

Configure

Edit settings.cnf to set ALERT_EMAIL_ADD.

Add the MAC addresses of the devices you know to whitelist.txt. You can list the currently connected devices using:

arp-scan --interface=<xx> --localnet

Newly found devices are recorded in new_found.txt and are reported only once.

Both whitelist.txt and new_found.txt can be edited to include comments, such as:

00:11:22:33:44:55 # My iPhone

There are two equivalent lists for promiscuous mode devices (p_whitelist.txt and p_new_found.txt).
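
The whitelist and report-once behaviour described above, sketched as an added example (this is not net_guard.sh's own code). The file names follow the README; the function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not net_guard.sh itself. File names follow the README;
# function names and the sample scan are constructed for this example.

# Print the MACs in a list file, lower-cased, ignoring "# comments" and blanks.
list_macs() {
    [ -f "$1" ] || return 0
    sed 's/#.*//' "$1" | tr 'A-F' 'a-f' | awk 'NF { print $1 }'
}

# Read arp-scan output on stdin and print the responders' MACs. Only rows of
# the form "IP MAC vendor" count, so the banner (which in some arp-scan
# versions carries the scanning interface's own MAC) and the summary lines
# are skipped.
scan_macs() {
    tr 'A-F' 'a-f' | awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        length($2) == 17 && $2 ~ /^[0-9a-f:]+$/ { print $2 }' | sort -u
}

# usage: report_new WHITELIST NEW_FOUND < scan-output
# Print MACs present in neither list and append them to NEW_FOUND, so each
# unknown device is reported on one run only.
report_new() {
    known=$(mktemp "${TMPDIR:-/tmp}/known.XXXXXX") || return 1
    { list_macs "$1"; list_macs "$2"; } | sort -u > "$known"
    scan_macs | grep -Fxv -f "$known" | tee -a "$2"
    rm -f "$known"
}

# Constructed sample: one whitelisted phone, one unknown device.
demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/netguard.XXXXXX") || return 1
    printf '00:11:22:33:44:55 # My iPhone\n' > "$dir/whitelist.txt"
    printf '%b\n' \
        'Interface: en0, type: EN10MB, MAC: aa:bb:cc:00:00:01, IPv4: 192.168.1.10' \
        '192.168.1.20\t00:11:22:33:44:55\t(Unknown)' \
        '192.168.1.31\tDE:AD:BE:EF:00:01\t(Unknown)' \
        '2 packets received by filter, 0 packets dropped by kernel' > "$dir/scan.txt"
    echo "first run:"
    report_new "$dir/whitelist.txt" "$dir/new_found.txt" < "$dir/scan.txt"
    echo "second run:"
    report_new "$dir/whitelist.txt" "$dir/new_found.txt" < "$dir/scan.txt"
    rm -rf "$dir"
}
demo
```

Both sides are lower-cased before comparison, so a whitelist entry typed in upper case still matches what the scan reports.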

Usage

./net_guard.sh <interface>

E.g.: ./net_guard.sh en0

To list all network interfaces:

ifconfig