Resolve all unknown devices on your network. Run it on your firewall. It assumes that devices whose DNS names contain "dhcp" are unknown, and then looks up the owner of each device's MAC address space.
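#!/bin/bash
#
# List devices in the ARP table that have no proper DNS name and show which
# vendor owns each device's MAC address prefix (OUI).
#
# Usage: <script> [PREFIX]
#   PREFIX     pattern (grep regex) that marks an "unknown" host in `arp -a`
#              output; defaults to "dhcp".
#
# Environment (optional):
#   MACDB      path of the cached vendor database (default /tmp/macdb)
#   MACDB_URL  where to download the vendor database from
#
# Security notes:
#   * The cache lives in a world-writable directory by default and this script
#     is typically run as root on a firewall. The cache is therefore only
#     trusted when it is a regular, non-empty file owned by the invoking user
#     (not a symlink), and downloads go to a mktemp file that is renamed into
#     place instead of being written through a predictable path.
#   * Vendor names come from a downloaded file, so control characters are
#     stripped before they are printed to the terminal.

set -u

PREFIX="${1:-dhcp}"
MACDB="${MACDB:-/tmp/macdb}"
# NOTE(review): legacy gitweb URL kept from the original script; confirm it
# still serves the manuf file, or point MACDB_URL at the current location.
MACDB_URL="${MACDB_URL:-https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf}"

readonly IP_RE='([0-9]{1,3}\.){3}[0-9]{1,3}'
readonly MAC_RE='([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}'

warn() { printf '%s\n' "$*" >&2; }

# Succeeds only if the cache is a regular, non-empty file that we own and that
# is not a symlink planted by another local user.
macdb_trusted() {
  [[ -f "$MACDB" && ! -L "$MACDB" && -O "$MACDB" && -s "$MACDB" ]]
}

# Download the vendor database to a private temp file and rename it over the
# cache. --fail keeps HTTP error pages out of the cache; redirects are followed
# only while they stay on HTTPS.
fetch_macdb() {
  local tmp
  tmp=$(mktemp "${MACDB}.XXXXXX") || return 1
  if curl --fail --location --proto '=https' --proto-redir '=https' \
      --output "$tmp" "$MACDB_URL" && [[ -s "$tmp" ]]; then
    mv -f -- "$tmp" "$MACDB" && return 0
  fi
  rm -f -- "$tmp"
  return 1
}

# Print the vendor for MAC address $1, or nothing when it is unknown.
# Only the first (prefix) column of the database is compared, so a MAC prefix
# that merely appears elsewhere on a line no longer produces a false or
# multi-line match. The long name (column 3) is preferred over the short
# name (column 2).
lookup_vendor() {
  local mac=$1
  (( have_db )) || return 0
  awk -F'\t' -v oui="${mac:0:8}" '
    {
      key = $1
      sub(/[[:space:]]+$/, "", key)
    }
    toupper(key) == toupper(oui) {
      name = ($3 != "" ? $3 : $2)
      gsub(/[[:cntrl:]]/, "", name)
      print name
      exit
    }
  ' "$MACDB"
}

have_db=0
if ! macdb_trusted; then
  fetch_macdb || warn "Could not download vendor database from $MACDB_URL"
fi
if macdb_trusted; then
  have_db=1
else
  warn "No usable vendor database at $MACDB; showing MAC addresses only"
fi

# Ping all IPs to weed out dead IPs since ARP may be old
echo 'Pinging all unknown IPs, please wait'
while IFS= read -r ip; do
  [[ -n "$ip" ]] || continue
  echo " $ip"
  ping -c 1 -w 1 -q "$ip" >/dev/null 2>&1 </dev/null
done < <(arp -a | grep -v incompl | grep -- "$PREFIX" | grep -oE "$IP_RE" | sort -u)
echo 'Done, resolving real IPs'

# Take one snapshot of the refreshed ARP table and reuse it for every lookup.
arp_table=$(arp -a | grep -v incompl)
macs=$(printf '%s\n' "$arp_table" | grep -- "$PREFIX" | grep -oE "$MAC_RE" | sort -u)

count=0
while IFS= read -r mac; do
  [[ -n "$mac" ]] || continue
  count=$((count + 1))

  whois=$(lookup_vendor "$mac")
  # Fall back to the raw MAC when the vendor is unknown.
  [[ -n "$whois" ]] || whois=$mac

  # A MAC may hold several IPs; report each one. -F matches the MAC literally.
  while IFS= read -r has_ip; do
    [[ -n "$has_ip" ]] || continue
    echo "${mac} | ${has_ip} belongs to ${whois}"
  done < <(printf '%s\n' "$arp_table" | grep -F -- "$mac" | grep -oE "$IP_RE")
done <<< "$macs"

echo "Found $count devices which had no assigned DNS name"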