Description

Scans the defined network range using an ARP scan to identify hosts on the network. For every host found, the MAC address is checked against the text file known_hosts.txt for a match. If it is found, the description is displayed and the host is identified. If the MAC address is not found, an email is sent to the configured email address and the MAC address, IP address and time are logged to the file unknown_hosts.txt. The script repeats the scan at the configured interval.

Screen Shots

All hosts detected: [screenshot: ARP Scan - All Hosts Recognised]

Rogue host detected: [screenshot: Rogue Host Detected]

Requirements

PowerShell – standard on most Windows Server/client installations

NMap – used for performing the ARP scan and saving the results to a file for parsing by the PowerShell script

ARP Scan PowerShell Script – see the download links at the bottom of this page

Installation

Install NMap to the default location (or another location – but this will need to be updated in the PowerShell script Arp Scan.ps1)

Download the PowerShell script Arp Scan.ps1 and save to a location of your choice.

Configure the relevant options in the PowerShell script Arp Scan.ps1:

$mins : the frequency in minutes the scan will repeat
$networkrange: the network range in CIDR notation
$smtpserver : the SMTP server to send alerts to
$smtpto : the address to send SMTP alerts to
$smtpfrom : the sending address to use for SMTP alerts

Usage

The first time the script is run all devices will be classed as unidentified and will be coloured red.

Run the script to test that everything works – a list of all current devices on the network will be displayed. Copy and paste their MAC addresses into the file known_hosts.txt, each followed by a description of the device, separated by a tab or space (MAC addresses should be entered in capitals) – see the included file known_hosts.txt.sample:

MAC Address       Description
00:00:00:00:00:00 Server
00:00:00:00:00:01 Computer 1

When the next scan is run, the devices will turn green to show they have been recognised. Any new hosts which turn up will be coloured red, an email will be sent and the details logged to unknown_hosts.txt.
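The matching step described above, as an added example (not the code from Arp Scan.ps1). It assumes the scan was saved as Nmap XML (-oX); the sample data, the function names ConvertTo-KnownHostTable and Get-ScanVerdict and the temp log path are constructed for illustration. MAC case and separators are normalised so that a lower-case entry in known_hosts.txt still matches.

```powershell
# Added example: the sample data below is constructed; this is not the code from Arp Scan.ps1.
$knownHostsText = @'
MAC Address       Description
00:00:00:00:00:00 Server
00:00:00:00:00:01 Computer 1
aa-bb-cc-00-00-02 Printer
'@
# Assumption: the scan result was saved as Nmap XML (-oX). Constructed fragment.
[xml]$scan = @'
<nmaprun>
  <host><address addr="192.168.1.10" addrtype="ipv4"/><address addr="00:00:00:00:00:00" addrtype="mac"/></host>
  <host><address addr="192.168.1.20" addrtype="ipv4"/><address addr="AA:BB:CC:00:00:02" addrtype="mac"/></host>
  <host><address addr="192.168.1.23" addrtype="ipv4"/><address addr="00:00:00:00:00:0A" addrtype="mac"/></host>
</nmaprun>
'@

function ConvertTo-KnownHostTable([string]$Text) {
    # Builds MAC -> description, with MACs normalised to upper case and ':' separators.
    $table = @{}
    foreach ($line in $Text -split "`r?`n") {
        if ($line -match '^\s*((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})\s+(.+?)\s*$') {
            $table[$Matches[1].ToUpper().Replace('-', ':')] = $Matches[2]
        }   # header, blank and malformed lines do not match and are skipped
    }
    return $table
}

function Get-ScanVerdict([xml]$Scan, [hashtable]$Known) {
    foreach ($h in $Scan.nmaprun.host) {
        $mac = ($h.address | Where-Object { $_.addrtype -eq 'mac' }).addr
        $ip  = ($h.address | Where-Object { $_.addrtype -eq 'ipv4' }).addr
        if (-not $mac) { continue }   # hosts reported without a MAC (e.g. the scanner itself)
        $mac = $mac.ToUpper()
        [pscustomobject]@{ IP = $ip; MAC = $mac; Known = $Known.ContainsKey($mac); Description = $Known[$mac] }
    }
}

$known   = ConvertTo-KnownHostTable $knownHostsText
$logPath = Join-Path ([IO.Path]::GetTempPath()) 'unknown_hosts.txt'   # temp copy for this demo
foreach ($r in Get-ScanVerdict $scan $known) {
    if ($r.Known) {
        Write-Host ("{0,-15} {1}  {2}" -f $r.IP, $r.MAC, $r.Description) -ForegroundColor Green
    } else {
        Write-Host ("{0,-15} {1}  UNKNOWN" -f $r.IP, $r.MAC) -ForegroundColor Red
        "{0}`t{1}`t{2:s}" -f $r.MAC, $r.IP, (Get-Date) | Add-Content -Path $logPath
        # The alert email would be sent here using $smtpserver, $smtpto and $smtpfrom.
    }
}
```

With the constructed data, the first two hosts are shown in green and 00:00:00:00:00:0A is shown in red and appended to the log.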

To have the script start automatically, either add it to the Startup folder or create the registry key HKLM\Windows\Microsoft\CurrentVersion\Run (you will lose the console output, but the text file for detected hosts will still be written to).

Feedback

If you have any feedback, please leave it in the comments section below.

Download

ARP Scan – v1 – Direct Download

1 Comment

  1. […] I wanted to find out what devices were on my network – wired or wireless. Moreover, I wanted something where I could acknowledge known hosts and then be alerted when a new or unknown host was found on my network. I couldn’t find anything FOSS other than some expensive network scanning/management tools, so I set about creating my own using PowerShell and NMap – Arp Scan Alert Rogue Hosts […]