Net Guard
A command line tool to detect possible malicious activity in your network using ARP protocol. Maybe someone is hacking in your network! Alerts are sent via email.
Features
- Detection of unknown devices
- Detection of devices in promiscuous mode (approach taken from here)
Install
Mac
On Mac, install arp-scan:
brew install arp-scan
Configure mail on terminal, here's a tutorial on Gmail
Other Platforms:
TODO. PRs are welcome :)
Configure
Edit settings.cnf to set ALERT_EMAIL_ADD.
Add the Mac addresses of devices you know to whitelist.txt. You can list current connected devices using:
arp-scan --interface=<xx> --localnet
Newly found devices are recorded at new_found.txt, and are only reported once.
Both whitelist.txt and new_found.txt can be edited to include comments, such as:
00:11:22:33:44:55 # My iPhone
There are two equivalent lists for promiscuous mode devices (p_whitelist.txt and p_new_found.txt).
Usage
./net_guard.sh <interface>
E.g.: ./net_guard.sh en0
To list all network interfaces:
ifconfig