Need help with script to check active IPs
#1
OK so I have been using a script I put together a while back to check who is actively connected to my WiFi router.
Very useful if you have kids that chat online in the middle of the night.
And just to see how many are connected. A first step in defending your WiFi is to know who is connected.

Until yesterday I was using this:
Code:
#!/usr/bin/env bash
#
# START OF SCRIPT
#
#
clear;clear

IP1="192.168.1."
ROUTER="254"
UBU1="80"     # UBU1
KAL1="100"     # KALI HP LAPTOP
TABLET="103"   # TABLET
MOTO_1="101"   # MY PHONE

# colors
  c1="\e[31m" # Red
  c2="\e[32m" # Light Green
  c3="\e[33m" # Yellow
  c4="\e[34m"  # Calm Blue
  c5="\e[35m" # Violet
  c6="\e[36m" # Arch Blue
  c7="\e[37m" # White
  c8="\e[38m" # Sky Blue
  c9="\e[39m" # Light Grey
  c10="\e[30m" # Dark Grey
  c0="\e[0m" # Normal

mip_1="$(ip addr show dev $(ip route ls|awk '/default/ {print $5}')|grep -Po 'inet \K(\d{1,3}\.?){4}' )"

echo -e ${c2}"$mip_1 Is Your IP "${c0}
echo ""

  check_for_life()
  {
    ping -c 1 -w 2 $1 > /dev/null
    [ $? == 0 ]  && echo $i
  }
  for i in 192.168.1.{1..254}
  do
check_for_life $i &

known_ips(){
# Wifi Router
if [ "$i" = "${IP1}${ROUTER}" ]
  then echo -e "${IP1}${ROUTER} ${c2} <----- WiFi Router ${c0}"
fi
# Toshiba laptop
if [ "$IP1$UBU1" == "$i" ]
  then echo -e "${IP1}${UBU1} ${c6} <------ UBU1 ${c0}"
fi
# KUBU Kali
if [ "$IP1$KAL1" == "$i" ]
  then echo -e "$IP1$KAL1 ${c4} <----- KALI ${c0}"
fi
#
# old TABLET
if [ "$IP1$TABLET" == "$i" ]
  then echo -e "$IP1$TABLET ${c3} <----- TABLET ${c0}"
fi
#
# moto, my phone
if [ "${IP1}${MOTO_1}" == "$i" ]
  then echo -e "${IP1}${MOTO_1} ${c7} <----- MY_MOTO ${c0}"
fi
#
}

known_ips

   done | sort
  
 
And it worked fine, so I thought. But yesterday I had both my laptops side by side and ran this script on my UBU1. It said my Kali wasn't connected, but it was. And it was right next to it. I was looking right at it.

So I decided to do a total rework on the script. It now looks like this:
Code:
#!/usr/bin/env bash
#
# START OF SCRIPT
clear;clear

IP1="192.168.1."
ROUTER="254"
UBU1="80"     # UBU home 80
KAL1="100"     # KALI HP LAPTOP
TABLET="103"   # MY TABLET
MOTO_1="101"   # MY PHONE

# colors
  c2="\e[32m" # Light Green
  c3="\e[33m" # Yellow
  c4="\e[34m"  # Calm Blue
  c6="\e[36m" # Arch Blue
  c7="\e[37m" # White
  c0="\e[0m" # Normal

mip_1="$(ip addr show dev $(ip route ls|awk '/default/ {print $5}')|grep -Po 'inet \K(\d{1,3}\.?){4}' )"

echo -e ${c2}"$mip_1 Is Your IP "${c0}
echo ""

who_is_here(){
nmap -n -sn 192.168.1.0/24 -oG - | awk '/Up$/{print $2}'
echo -e "${IP1}${ROUTER} ${c2} <----- WiFi Router ${c0}"
echo -e "${IP1}${UBU1} ${c6} <------ UBU1 ${c0}"

echo -e "$IP1$KAL1 ${c4} <----- KALI ${c0}"
echo -e "$IP1$TABLET ${c3} <----- TABLET ${c0}"
echo -e "${IP1}${MOTO_1} ${c7} <----- MY_MOTO ${c0}"
}

who_is_here | sort -nr
echo ""


With an output like this:
[Image: Screenshot-from-2020-04-03-17-25-32.png]

What I have in mind to do is show UBU1, TABLET, MY MOTO, or KALI and their IP address, but only if they are present.
This is where I need help. Currently, if one of the four is active it shows the number twice, like UBU1 at the top,
and if it is not active it still shows it once (because I just use echo).
I want the arrows with the color and identifiers, but only if they are active. And only once.
I tried this in the first script, but it didn't work. So I figured, why not just keep it simple.

But it would be much less confusing if they only appeared when active. Any ideas?

What aggravates me is that back in 2002 I had a script that did that, but I lost it and have forgotten the code.
So any help or pointers would be greatly appreciated. Thanks in advance.

kudos

____________________________________________________________________________________
P.S.
      Not that it would matter much, but none of the IP addresses in the image are actual addresses. GIMP is a great tool.
      I actually spent about 2 hours making sure of that, and that the fake addresses were in the example script as well.
      Although that is exactly how it would look.

again,

kudos
A computer without Microsoft is like a piece of chocolate cake without ketchup and mustard.


Telegram @eliasw4u
Reply
#2
I might have figured it out

I put this in a test script and it seems to work
Code:
#!/usr/bin/env bash
#
# START OF SCRIPT
# -f keeps rm quiet on the first run, when the files do not exist yet
rm -f "/home/$USER/dev/IP_ADDIES.txt"
rm -f "/home/$USER/dev/IP_ADDIES_UNKNOWN.txt"

clear;clear

IP1="192.168.1."
ROUTER="254"
UBU1="102"     # UBU home 102
UBU2="80"      # UBU work 80
KAL1="100"     # KALI HP LAPTOP
TABLET="103"   # MY TABLET
MOTO_1="70"   # MY PHONE

# colors
  c1="\e[31m" # RED
  c2="\e[32m" # Light Green
  c3="\e[33m" # Yellow
  c4="\e[34m"  # Calm Blue
  c6="\e[36m" # Arch Blue
  c7="\e[37m" # White
  c0="\e[0m" # Normal

mip_1="$(ip addr show dev $(ip route ls|awk '/default/ {print $5}')|grep -Po 'inet \K(\d{1,3}\.?){4}' )"

echo -e ${c2}"$mip_1 Is Your IP "${c0}
echo ""

who_is_here(){
# Ping-scan the subnet and save the addresses that nmap reports as up
nmap -n -sn 192.168.1.0/24 -oG - | awk '/Up$/{print $2}' > "/home/$USER/dev/IP_ADDIES.txt"

# grep -x matches the whole line and -F treats the address as a fixed string,
# so one address can never match inside another (e.g. .10 inside .100)
grep -qxF "${IP1}${ROUTER}" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "${IP1}${ROUTER} ${c2} <----- WiFi Router ${c0}"
     fi

grep -qxF "${IP1}${UBU1}" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "${IP1}${UBU1} ${c4} <----- UBU1 ${c0}"
     fi

grep -qxF "${IP1}${UBU2}" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "${IP1}${UBU2} ${c4} <----- UBU2 ${c0}"
     fi

grep -qxF "$IP1$KAL1" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "$IP1$KAL1 ${c4} <----- KALI ${c0}"
     fi

grep -qxF "$IP1$TABLET" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "$IP1$TABLET ${c3} <----- TABLET ${c0}"
     fi

grep -qxF "$IP1$MOTO_1" "/home/$USER/dev/IP_ADDIES.txt"
     if [ $? -eq 0 ]
        then
            echo -e "${IP1}${MOTO_1} ${c7} <----- MY_MOTO ${c0}"
     fi
     # Whatever is left after removing the known addresses is an unknown device
     grep -vxF -e "${IP1}${MOTO_1}" -e "${IP1}${TABLET}" -e "${IP1}${KAL1}" -e "${IP1}${UBU2}" -e "${IP1}${UBU1}" -e "${IP1}${ROUTER}" "/home/$USER/dev/IP_ADDIES.txt" > "/home/$USER/dev/IP_ADDIES_UNKNOWN.txt"

     cat "/home/$USER/dev/IP_ADDIES_UNKNOWN.txt"
}


who_is_here | sort -nr
echo ""




It is somewhat convoluted, but it does seem to work. If there is a better way, please don't hesitate to chime in.
I would prefer not to have to create or edit a file every time I run it.
Better if I don't have to depend on external text files.
This last one takes about ten (10) seconds start to finish on my Toshiba laptop, where the original took three (3) and the second one took about twenty (20). So it is kinda in the middle on speed. Faster would be better.

However, for now.....


kudos

__________________________________________________________________________________________
EDIT

I added a few lines, and changed the last bit
Code:
who_is_knocking(){
       netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head


}

echo -e "${c3}Active IP ADDRESSES from within. ${c0}"
echo ""
who_is_here | sort -nr
echo ""
echo -e "${c3}Active IP ADDRESSES from the ${c1}WORLD. ${c0}"
echo ""
who_is_knocking | sort -nr
echo ""
echo -e "${c3}======================================================${c0}"
netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr | head >> /home/$USER/dev/who_is_knocking_FULL.txt
cat /home/$USER/dev/who_is_knocking_FULL.txt | sort -nr | uniq -c > /home/$USER/dev/who_is_knocking.txt
echo ""

Now it also shows world connections as well. It lets you know which are internal and which are from the outside.
And it keeps a record of all that connect, so you can check it with whois, or another app if you prefer.

Still looking for a better way.

again,

kudos
A computer without Microsoft is like a piece of chocolate cake without ketchup and mustard.


Telegram @eliasw4u
Reply
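Added example (not part of the thread and not code from either poster): one way to print each live host exactly once, labelled only when it is actually up, without temporary files. The address-to-label table, the `label_hosts` name and the sample scan output are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: label each live host once, with no temporary files.

# Known devices as address=label pairs (constructed values; edit for your network).
KNOWN="192.168.1.254=WiFi-Router 192.168.1.102=UBU1 192.168.1.80=UBU2 192.168.1.100=KALI 192.168.1.103=TABLET 192.168.1.70=MY_MOTO"

# Reads `nmap -oG -` output on stdin and prints one line per live host.
label_hosts() {
  # Colour only when writing to a terminal, so piped output stays plain text.
  if [ -t 1 ]; then colour=1; else colour=0; fi
  awk -v known="$KNOWN" -v colour="$colour" '
    BEGIN {
      n = split(known, pair, " ")
      for (i = 1; i <= n; i++) { split(pair[i], kv, "="); label[kv[1]] = kv[2] }
      if (colour) { green = "\033[32m"; red = "\033[31m"; off = "\033[0m" }
    }
    /Status: Up$/ {
      ip = $2
      if (seen[ip]++) next                  # never print an address twice
      if (ip in label) printf "%s %s<----- %s%s\n", ip, green, label[ip], off
      else             printf "%s %s<----- UNKNOWN%s\n", ip, red, off
    }
  ' | sort -t. -k4,4n                       # order by the last octet
}

# Constructed sample of nmap grepable output, so the block runs offline.
SAMPLE=$(printf '# Nmap scan initiated (constructed sample)\n'
         printf 'Host: %s ()\tStatus: Up\n' 192.168.1.37 192.168.1.100 192.168.1.102 192.168.1.254
         printf '# Nmap done (constructed sample)\n')

printf '%s\n' "$SAMPLE" | label_hosts
# Live use: nmap -n -sn 192.168.1.0/24 -oG - | label_hosts
```

An address that is not in the table is printed as UNKNOWN rather than silently listed, which is the line to look at when checking who is on the network.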
#3
Here is a screenshot (numbers changed with GIMP) of the script when run in the terminal.
[Image: Screenshot-from-2020-04-04-19-52-59.png]

They only show when active, and
a record of the inbound IP addresses is kept and numbered like this:
[Image: Screenshot-from-2020-04-04-20-00-05.png]


The first number is the count or amount of times that IP has been caught. The other is the IP itself.

In this case, the first 5 lines are IPv6; it is not displaying correctly. This is a work in progress.
Again, any help would be greatly appreciated.


kudos
A computer without Microsoft is like a piece of chocolate cake without ketchup and mustard.


Telegram @eliasw4u
Reply
#4
I have fixed the issue with IPv6...........NOT

_______________________________________________________
EDIT

I had posted here that the issue was resolved. But essentially all I was doing was awking ip -a, which only showed my IPv6. I have absolutely no idea what it was thinking when I did that.
So anyway, back to square one.
Sorry about that.


kudos
A computer without Microsoft is like a piece of chocolate cake without ketchup and mustard.


Telegram @eliasw4u
Reply
#5
I don't know if this is exactly what you're looking for, but I use this script to find active IP addresses on my local network with their hostnames.

Code:
#!/bin/bash

COUNT=0

echo "Scanning the first 60 addresses on the local subnet..."
for i in 192.168.0.{1..60}
do
  if ping -c1 -w1 $i &>/dev/null; then
    echo  -n "$i "
    # Strip only a trailing ".local" (escaped dot, anchored at the end of the name)
    name=$(avahi-resolve -a "$i" 2>/dev/null | awk '{print $2}' | sed 's/\.local$//')
    [ -n "$name" ] && echo -e "\t$name" || echo -e "\tUnknown host"
    (( COUNT++ ))
  fi
done

echo "$COUNT addresses active."

Here is a sample output:
Code:
Scanning the first 60 addresses on the local subnet...
192.168.0.1      _gateway
192.168.0.2      Unknown host
192.168.0.8      Samsung
192.168.0.9      HP28924A944944
192.168.0.11     NPI202E40
192.168.0.13     ProBook-6570b
192.168.0.14     8300-USDT
192.168.0.15     M91p
192.168.0.16     Rick-8300
192.168.0.17     800-G1-USDT
192.168.0.19     800-g1-dm
192.168.0.21     HP-ProBook-6570b
192.168.0.26     e6500-deb
192.168.0.27     Unknown host
192.168.0.28     Unknown host
192.168.0.29     ProBook-6570b
192.168.0.30     Richards-iPhone
192.168.0.32     Unknown host
192.168.0.38     Toughbook
192.168.0.41     Asawa-PC
192.168.0.45     HP-Mini-110
192.168.0.49     HP-ProBook-6570b
22 addresses active.
Rick Romig
"It's never wrong to introduce a child to Linux."
@ludditegeek
Rick's Tech Stuff
GitHub
Reply
#6
In regard to your 'Who's knocking' function, it appears that you are looking to see who is coming into your network. From what I understand, netstat has been deprecated, but the 'ss' command may be what you're looking for.

I tried it out on my system and found addresses attempting to connect via http and https (port 80 or 8080).

Running `ss -4 -t` (-4 = IPv4 and -t = TCP), gives me:
Code:
$ ss -4 -t
State        Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
ESTAB        0       0       192.168.0.15:35882   162.125.35.135:https
ESTAB        0       0       192.168.0.15:42070   52.25.237.163:https
CLOSE-WAIT   1       0       192.168.0.15:60694   52.200.113.115:https
ESTAB        0       0       192.168.0.15:56986   162.125.19.131:https
ESTAB        0       0       192.168.0.15:48416   151.101.249.7:https

Piping it through awk and sed trims it down to just the IP address:
Code:
$ ss -4 -t | awk '/:http/ {print $5}' | sed 's/:.*//'

Even if this doesn't exactly solve your problem, I hope this is helpful. It was a good exercise for me in learning some networking tools.
Rick Romig
"It's never wrong to introduce a child to Linux."
@ludditegeek
Rick's Tech Stuff
GitHub
Reply
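Added example (not part of the thread and not code from either poster): counting established TCP peers from `ss -Htn` output, with the peer address extracted correctly for both IPv4 and bracketed IPv6, and each connection marked "in" when it reached a port this machine serves or "out" when this machine opened it. The `count_peers` name, the served-port list and the sample lines are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: count established TCP peers from `ss -Htn` output, IPv4 and IPv6.

# $1    = space-separated local ports this machine serves (assumption: 80 and 443)
# stdin = `ss -Htn` output. Prints "<count> <in|out> <peer address>".
count_peers() {
  awk -v svc="$1" '
    BEGIN { n = split(svc, p, " "); for (i = 1; i <= n; i++) served[p[i]] = 1 }
    $1 == "ESTAB" {
      lport = $4; sub(/.*:/, "", lport)        # the port follows the last colon
      peer = $5;  sub(/:[^:]*$/, "", peer)     # drop the port, keep the address
      gsub(/\[|\]/, "", peer)                  # ss wraps IPv6 addresses in [ ]
      dir = (lport in served) ? "in" : "out"   # did the peer reach one of our services?
      count[dir " " peer]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -k2,2 -k1,1nr
}

# Constructed sample (documentation address ranges), so the block runs offline.
SS_SAMPLE='ESTAB      0 0 192.168.0.15:80        203.0.113.7:51324
ESTAB      0 0 192.168.0.15:80        203.0.113.7:51330
ESTAB      0 0 [2001:db8::15]:443     [2001:db8::beef]:40112
ESTAB      0 0 192.168.0.15:35882     198.51.100.20:443
CLOSE-WAIT 1 0 192.168.0.15:60694     198.51.100.21:443'

printf '%s\n' "$SS_SAMPLE" | count_peers "80 443"
# Live use: ss -Htn | count_peers "80 443"
```

Splitting on the last colon instead of the first is what keeps IPv6 peers intact, and comparing the local port rather than matching `:80` anywhere on the line keeps outbound browsing traffic out of the inbound count.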
#7
Sorry it took so long to get back to you.
These are some great tools. Not quite what I am looking for, but definitely useful in other areas.

And I didn't know that netstat was being deprecated.
Thanks for that info.
But it shows how long it has been since I played around with this network script. I have forgotten so much.
Also, "ss" is close, but I am not sure how to use it and get the same output results. I am sure there is a way.

But all in all it is truly great stuff, thanks.


kudos
A computer without Microsoft is like a piece of chocolate cake without ketchup and mustard.


Telegram @eliasw4u
Reply

