
How to track your coworkers – Simple passive network surveillance - combray
http://willschenk.com/how-to-track-your-coworkers
======
JakeSc
Good post, but is pinging the broadcast address really "passive network
surveillance"? My definition of "passive" involves never sending new network
traffic.

~~~
MiguelHudnandez
Yes, this is definitely an active scan. However, hooking in to DHCP syslogs
would still be passive. It's nice that the author provided an active
alternative in cases where you might not have access to the DHCP logs.

------
eridal
This is cool!

This has the problem that most phone devices do not reply to ping; that's
why software like fing[1] needs to send an ARP to each IP in the network space;
every client in the network is required to answer those.

[1] [http://overlooksoft.com/fing](http://overlooksoft.com/fing)

~~~
combray
There is code in there to pull the ARP table and use that, but it's commented
out because I never found a good way to determine how long things stay in
the ARP cache. Since we don't know how long they stay in there, you will lose
all of the "xxx left the network" notices, so we made that trade off.
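
One way to handle the ARP-cache trade-off described in the comment above, as an added example that is not part of the original thread or the article's script. It assumes Linux's `/proc/net/arp` text format; `complete_macs`, `PresenceTracker` and `MISS_LIMIT` are hypothetical names, and the sample table is constructed.

```ruby
require "set"

# Constructed sample in /proc/net/arp format (not real data).
SAMPLE_ARP = <<~ARP
  IP address       HW type     Flags       HW address            Mask     Device
  192.168.1.1      0x1         0x2         02:00:00:00:00:01     *        eth0
  192.168.1.23     0x1         0x2         02:00:00:00:00:02     *        eth0
  192.168.1.40     0x1         0x0         00:00:00:00:00:00     *        eth0
ARP

# Return the MACs whose entry is complete (flag bit 0x2, ATF_COM).
# Incomplete entries (flags 0x0) are unanswered lookups and are skipped.
def complete_macs(arp_text)
  arp_text.lines.drop(1).each_with_object(Set.new) do |line, macs|
    _ip, _hw_type, flags, mac = line.split
    next if mac.nil?
    macs << mac.downcase if (flags.hex & 0x2) != 0
  end
end

# Hypothetical tracker: a device is reported as :left only after it has been
# absent from MISS_LIMIT consecutive snapshots, so unknown cache lifetimes
# cost some delay instead of producing flapping join/leave notices.
class PresenceTracker
  MISS_LIMIT = 3 # assumption: tune to the polling interval

  def initialize
    @misses = {} # mac => consecutive snapshots without it
  end

  def update(seen)
    events = []
    seen.each do |mac|
      events << [:joined, mac] unless @misses.key?(mac)
      @misses[mac] = 0
    end
    (@misses.keys - seen.to_a).each do |mac|
      @misses[mac] += 1
      next if @misses[mac] < MISS_LIMIT
      @misses.delete(mac)
      events << [:left, mac]
    end
    events
  end
end

p PresenceTracker.new.update(complete_macs(SAMPLE_ARP)) if __FILE__ == $0
```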

------
giggles_giggles
It really kills me that something this small requires Redis. I don't want to
have to install Redis on an rpi just so that it can monitor the network with a
small script. Why not just use a Ruby-native data structure and store results
in memory?

~~~
combray
The reason that I used redis here is because I wanted it to work even if you
scheduled the thing in cron, or have it work when you restarted the process
and not give any false messages. Also, putting things in redis makes it easier
to integrate it with something else, e.g. a UI, without really having to tool
anything.

But yes, at this point it doesn't really need to use redis and if you don't
already have a redis-server running it's a bit of unnecessary work to get the
proof of concept working.

------
pritambaral
Just tried it out on our LAN. Had to modify options to ping to '-bc 4' (I'm on
desktop Linux), still didn't work. The only host that responded was the
gateway. We have Windows, Debian, Ubuntu and Arch Linux hosts on our network.

EDIT: Linux discards normal broadcast ICMP responses. Must switch off
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts. Even after doing so, no
responses. I guess broadcast ping flood is such a serious DoS concern that it's
almost universally disabled.

~~~
thyrsus
Yes: you would need to change /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
on every Linux device on your network. Which has the nice effect that this
"tracking" becomes opt-in :-).

Meanwhile, my employer uses a non-Microsoftly-inconvenient authentication to
get onto their WiFi, so I've never bothered to attach the smart phone they
assigned me to their WiFi, since I've got access to bigger screens for network
activities when I'm there.

------
martin_
"those can't be changed like the computer names can."

What about "ifconfig ether eth0 hw ether xx:xx...."?

This is a cool script, most routers offer a remote syslog functionality which
may be a good tool too.

~~~
mashhoodr
Yeah, that is a problem. I have been using this in my office - you can change
your MAC using ifconfig and the new MAC gets registered.

------
freshflowers
I use this simple tool to discover what's on the network around me:
[http://www.iwaxx.com/lanscan/](http://www.iwaxx.com/lanscan/)

(Usually just to figure out which IP some device is on.)

~~~
mashhoodr
I also have a similar setup in my office, using Fing
([http://www.overlooksoft.com/fing](http://www.overlooksoft.com/fing)) to scan
(on a Raspberry Pi).

------
blissofbeing
Hmm, I get this error when trying to run this script:

.../.rbenv/versions/2.1.4/lib/ruby/2.1.0/resolv.rb:128:in `getname': no name
for 192.168.1.10 (Resolv::ResolvError)

~~~
jontas
I posted a comment on the original article with a fix for this, or just follow
the directions in this gist:

[https://gist.github.com/anonymous/969e460958ba3268a226](https://gist.github.com/anonymous/969e460958ba3268a226)

~~~
blissofbeing
thanks.

------
gsibble
Do most phones actually respond to pings?

~~~
combray
Based upon the phones in our office, yes.

