Snooping your LAN from linux/perl

Post by Doug Coulter » Sun Jul 15, 2012 2:25 pm

I have a LAN (no kidding?) but I don't have a central always-on server for example - I just power up the machines I need at the moment, which might be only one. DNS for me is done by my ISP, and they don't handle my internal lan, which is netbios/samba managed, more or less. All my machines are DHCP'd by the ISP's router, which means I can't count on particular IP addresses inside my lan - it varies all over the place.
Usually that's no problem - I can surf machines by name in the file browser and so on, but what if I want to write some code to say, push all the data from a fusor run into the SQL database on a particular server by name? Gotta find out what IP address that server has at the moment for that problem, to have something to tell DBD/DBI where to look for the instance of MySQL I want. Or better yet, a way to keep "hosts" file updated dynamically. But to do that, you need to know what to put into it, and it turns out not to be quite trivially easy. So, this weekend's project was to develop some Perl code that can run on any machine and build up a hash of hashes with all this neat info in it - this is "steal me" code to put into something that could update etc/hosts locally as a daemon running in the background, say once a minute or so. I've not done that part yet - but I will, and install this on all my machines (or at least, all the PCs, not everything on my lan is always a PC, some are pics, routers, DSL modems etc).
But you need the core code that finds this junk out first, and here's what the output looks like.
[Image: snoopoutput.png - Output from the snoop program]

Not hard to get from there to updating a text file. Of course, perl is almost impossible to write or read without syntax highlighting. I use gedit here, but there are plenty of other editors/IDEs out there (Padre, Geany). Doing this, I discovered how to mess up the highlighting in gedit, though - some perl "format" statements confuse it.
Here's what that looks like:
[Image: snoopcode.png - perl in gedit]

And, since I'm an open source type, here's the code itself. This took a lot more googling and book reading than typing - some of the ways to find this stuff out are obscure, to say the least - and the things that can find out about the rest of the LAN can't see the machine they are run from!
[Attachment: snoop.zip - the perl code, zipped up (1.68 KiB)]


This code requires you to install a program called arp-scan, and diddle that a little bit unless you want to run snoop as root, or give up the hardware info. I put instructions in the code itself (don't need 'em if you don't have it) but basically it boils down to this:
Install arp-scan. I use synaptic for that.
Make arp-scan setuid - go to the directory it's in (here, that's /usr/bin) and say sudo chmod 6711 arp-scan - you have to be root to make something else root!
Then go to the directory it keeps its mapping from something in arp to manufacturer info, which here is /usr/share/arp-scan and say:
sudo get-iab
sudo get-oui
Also have to be root for these. Those scripts pull down the latest files from IEEE so you can find out who made the ethernet interface on whatever snoop finds.

Of course, this is utterly linux-only. It will find windows stuff fine, but only will run on linux. Strange that the network protocols that made things opsys and machine independent nevertheless are handled differently inside each kind of opsys/machine....but it is what it is! It will even find things running in virtual box...but as luck would have it, all my "production machines" are linux, and that's where the services I run to support my LAN (MySQL, apache and so forth) live anyway. I don't do data aq and so on with windows, it's too slow/chunky timeslicing and too much hassle to develop for these days, especially if you want to get close to the hardware without paying for a new DevStudio or paying for a driver license key (prohibitive these days - and very time-wasting).
Posting as just me, not as the forum owner. Everything I say is "in my opinion" and YMMV -- which should go for everyone without saying.
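
An added example, not the code from snoop.zip: one way to turn arp-scan's tab-separated output into the hash of hashes the post describes and render a block for a hosts file, checking every field first because the values come off the network. The sample output, the MAC-to-name table (standing in for whatever name lookup is used), the marker comments and the function names are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example (not the code from snoop.zip): parse arp-scan style output
# into a hash of hashes and render a managed block for a hosts file.
use strict;
use warnings;

# Constructed sample of arp-scan's tab-separated "IP, MAC, vendor" lines.
my $sample = <<"END";
Interface: eth0, datalink type: EN10MB (Ethernet)
192.168.1.1\t00:11:22:33:44:55\tExample Router Co.
192.168.1.23\t66:77:88:99:aa:bb\t(Unknown)
192.168.1.999\tde:ad:be:ef:00:01\tBogus octet, must be rejected
3 packets received by filter, 0 packets dropped by kernel
END

# Assumption: names come from some other lookup (NetBIOS etc.), keyed by MAC.
my %name_for_mac = (
    '66:77:88:99:aa:bb' => 'fusor-db',
    '00:11:22:33:44:55' => "router\n10.0.0.1 evil",   # hostile name: dropped
);

sub parse_arp_scan {
    my ($text) = @_;
    my %lan;
    for my $line (split /\n/, $text) {
        my ($ip, $mac, $vendor) = split /\t/, $line, 3;
        next unless defined $mac;    # banner and summary lines have no tabs
        next unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
        next if grep { $_ > 255 } $1, $2, $3, $4;
        next unless $mac =~ /\A[0-9a-f]{2}(?::[0-9a-f]{2}){5}\z/i;
        $lan{$ip} = { mac => lc $mac, vendor => $vendor // '' };
    }
    return \%lan;
}

sub hosts_block {
    my ($lan, $names) = @_;
    my @out = ('# BEGIN snoop-managed');
    for my $ip (sort keys %$lan) {
        my $name = $names->{ $lan->{$ip}{mac} };
        # Only a single RFC 1123 style label reaches the file; others are skipped.
        next unless defined $name && $name =~ /\A[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\z/;
        push @out, "$ip\t$name";
    }
    return join("\n", @out, '# END snoop-managed') . "\n";
}

print hosts_block(parse_arp_scan($sample), \%name_for_mac);
```

With the constructed sample, only the 192.168.1.23 / fusor-db pair ends up between the markers: the out-of-range address and the name containing a newline are both dropped.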