Raspberry Pi: How to Build a Local Network Monitor for Intrusion Logging Watchdog

Today the number of devices on home networks grows weekly, because more and more home appliances like freezers, coffee machines, dishwashers and more have built-in Wi-Fi interfaces. To keep control, you can use a Raspberry Pi 2 as a cheap network monitor and logger.

Raspbian offers free tools, like arp, arp-scan, nmap and ping, to easily monitor a network. Once you have learned a few commands and some bash scripting, you can quickly create a network logger, perhaps with analysis tools that mail alerts when new MAC (NIC) addresses are seen. Every network device has its own MAC ID, like "00:d0:23:09:df:XX". That's like a car chassis number. Unlike a chassis number, though, a MAC address can be changed in software, so the log records which addresses appeared on the network, not proof of which device used them.

 

[Image: arp-scan output]

How to set up:

  1. Install Raspbian (Debian) on an SD card for the Pi 2
  2. Boot the Pi 2 into Raspbian
  3. Upgrade the OS
  4. Install lighttpd as the web server for the output and start it
  5. Install the network tools "arp, arp-scan, nmap, ping"
  6. Edit the root crontab to run the command every minute, like "* * * * * /usr/sbin/arp-scan -l -I eth0 > /var/www/arp1/2-scan.log"
  7. Open a web browser at http://pi2/arp-scan.log # You should see text like that in the image
  8. Write a bash script that uses the "diff" or "md5sum" command to check arp1-scan.log against arp2-scan.log; if anything changed, you can send a mail through the exim4 mail server.
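
Step 8 as an added example, not the post's own script: a plain diff or md5sum of two arp-scan logs also changes when only the scan duration or the host order changes, so this sketch compares just the MAC column and reports addresses that are new. The log names follow step 8; the sample addresses, the helper function names and the mail command line in the comment are assumptions.

```sh
#!/bin/sh
# Added example (not the post's own script). File names follow step 8.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# MACs from arp-scan host lines ("IP<TAB>MAC<TAB>vendor"), lower-cased, sorted.
extract_macs() {
    grep -E '^[0-9]+(\.[0-9]+){3}[[:space:]]' "$1" | awk '{ print tolower($2) }' | sort -u
}

# MACs present in the newer log ($2) but absent from the older log ($1).
new_macs() {
    old_list=$(mktemp); new_list=$(mktemp)
    extract_macs "$1" > "$old_list"
    extract_macs "$2" > "$new_list"
    comm -13 "$old_list" "$new_list"
    rm -f "$old_list" "$new_list"
}

# Alert body: the full arp-scan line of each new device; empty if none.
alert_text() {
    for mac in $(new_macs "$1" "$2"); do
        grep -i -m 1 "$mac" "$2"
    done
}

# Constructed sample logs (not real scan data). The second scan differs in
# host order, letter case and duration, and contains one extra device.
write_sample_logs() {
    {
        printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
        printf '192.168.1.1\t00:d0:23:09:df:01\tRouter (sample)\n'
        printf '192.168.1.20\t00:D0:23:09:DF:02\tPrinter (sample)\n'
        printf 'Ending arp-scan: 256 hosts scanned in 1.512 seconds\n'
    } > "$1/arp1-scan.log"
    {
        printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
        printf '192.168.1.20\t00:d0:23:09:df:02\tPrinter (sample)\n'
        printf '192.168.1.77\t00:d0:23:09:df:03\tUnknown (sample)\n'
        printf '192.168.1.1\t00:d0:23:09:df:01\tRouter (sample)\n'
        printf 'Ending arp-scan: 256 hosts scanned in 1.498 seconds\n'
    } > "$1/arp2-scan.log"
}

demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
body=$(alert_text "$demo_dir/arp1-scan.log" "$demo_dir/arp2-scan.log")
# On the Pi, send it instead: printf '%s\n' "$body" | mail -s "New LAN device" root
[ -n "$body" ] && printf 'New device(s) on the LAN:\n%s\n' "$body"
rm -rf "$demo_dir"
```

A device that disappears between two scans produces no alert here; only addresses that are new in the later log are reported.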

Advantage? A Pi 2 is a powerful LAN watchdog at 1Watt/hour, with mail output support to your devices! For free.