The Fingbox is a really nice piece of hardware that monitors activity on your network. You get notifications, when a new device is connecting to your network or if your internet is going down.
If you don’t have VLANs or special requirements: go and get one for yourself and skip the rest of this post. 🙂
My “special” requirements:
- integrate in my home automation (mqtt/node-red)
- support VLANs (I have different VLANs for security cams, cloud devices, servers, administration…)
- running on my server (Proxmox), if I don’t get it in hardware
Searching the internet I found pi.alert, which is quite close to what I want. There are many forks of it implementing webhooks or other features but everything I tried out, lacked some features. I took a deep dive in the source code of pi.alert and discovered nmap.
nmap is incredible: you can do fast scans of your network or deep portscans and even extract information about the ssl-certificates used by the devices. (No more expired certificates…)
My MVP for replacing my Fingbox:
- every 2 minutes arp scan all my vlans and store results in postgres (node-red)
- analyze scans and notify new devices (pushover)
WIP:
- scan implemented with node-red and nmap
- store results in postgres
- next step: implement notifications
Did you know….
- Proxmox uses the same MAC address on differen VLANs with different IPs? -> MAC adresses can have multiple IPs on different VLANs
- arp-tables may have multiple IPs on the same VLAN/mac on Raspberry connected through wlan and cable
Should I document my node-red flows? Write a comment…