from Hacker News

How to track your coworkers – Simple passive network surveillance

by combray on 10/31/14, 8:59 PM with 18 comments

  • by JakeSc on 10/31/14, 10:18 PM

    Good post, but is pinging the broadcast address really "passive network surveillance"? My definition of "passive" involves never sending new network traffic.

  • by _lce0 on 10/31/14, 10:27 PM

    This is cool!

    This has the problem that most phone devices do not reply to ping; that's why software like fing[1] needs to send an ARP to each IP in the network space; every client in the network is required to answer those.

    [1] http://overlooksoft.com/fing

  • by giggles_giggles on 11/1/14, 1:25 AM

    It really kills me that something this small requires Redis. I don't want to have to install Redis on an rpi just so that it can monitor the network with a small script. Why not just use a Ruby-native data structure and store results in memory?

  • by pritambaral on 10/31/14, 10:47 PM

    Just tried it out on our LAN. Had to modify options to ping to '-bc 4' (I'm on desktop Linux), still didn't work. The only host that responded was the gateway. We have Windows, Debian, Ubuntu and Arch Linux hosts on our network.

    EDIT: Linux discards normal broadcast ICMP responses. Must switch off /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts. Even after doing so, no responses. I guess broadcast ping flood is such a serious DoS concern that it's almost universally disabled.

  • by martin_ on 10/31/14, 9:37 PM

    "those can't be changed like the computer names can."

    What about "ifconfig ether eth0 hw ether xx:xx...."?

    This is a cool script; most routers offer remote syslog functionality, which may be a good tool too.

  • by freshflowers on 10/31/14, 11:01 PM

    I use this simple tool to discover what's on the network around me: http://www.iwaxx.com/lanscan/

    (Usually just to figure out which IP some device is on.)

  • by blissofbeing on 10/31/14, 9:56 PM

    Hmm, I get this error when trying to run this script:

    .../.rbenv/versions/2.1.4/lib/ruby/2.1.0/resolv.rb:128:in `getname': no name for 192.168.1.10 (Resolv::ResolvError)

  • by gsibble on 10/31/14, 10:17 PM

    Do most phones actually respond to pings?