Last Updated or created 2023-05-15
I’ve made an arpscanner in the past:
https://www.henriaanstoot.nl/2019/10/15/arpscanner/
But I’m going to migrate the server it is running on.
So I played with SSH commands over SSH connections using an SSH key; using Ansible is also possible.
ssh user@mikrotik /interface wireless registration-table print
But I didn’t like the continuous logins with automated logins.
So the solution below is what I’ve implemented for now.
I’ve installed the IOT extra package from Mikrotik, so now I can send MQTT messages from my Wifi-enabled Mikrotiks to my Mosquitto broker.
(Download extra package zip, extract iot-7.x-arm.npk, upload this to your mikrotik files folder, and reboot)
The script I’m running on my Mikrotik sends the active wifi connections with their comments. (When a comment is set in the Access List, it’s a known connection.)
    [admin@RB40111] /iot/mqtt> export
    # may/15/2023 21:45:12 by RouterOS 7.9
    # software id = xxxx-xxxx
    #
    # model = RB4011iGS+5HacQ2HnD
    # serial number = xxxxxxxxxxxxxxxxx
    /iot mqtt brokers
    add address=10.1.x.y client-id=rb4011 name=NR
I made the following script on my MT, named mqtt:
    :local broker "NR"
    # MQTT topic where the message should be published
    :local topic "rb4011/mac"
    :foreach i in=[/interface wireless registration-table print proplist=mac-address as-value] do={
        :local message "$i"
        /iot mqtt publish broker=$broker topic=$topic message=$message
    }
A schedule is needed to run this script every 15 minutes:
    [admin@RB40111] /system/scheduler> export
    # may/15/2023 21:48:14 by RouterOS 7.9
    # software id = xxxx-xxx
    #
    # model = RB4011iGS+5HacQ2HnD
    # serial number = xxxxxxxxxxx
    /system scheduler
    add interval=15m name=mqtt on-event=mqtt policy=\
        ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
        start-date=may/15/2023 start-time=13:30:54
Now all wifi connections will be sent to topic rb4011/mac.
    # Example
    .id=*6a;comment=Mobile Henri wlan2;mac-address=44:46:87:xx:xx:xx
Using NodeRed I can make filters and notifications.
The function below gets the MAC and comment from the payload; if the comment is empty, it is an unknown connection, so it sends me a warning using Pushover.
    // filter function: pass the message on only when the comment is empty
    var output = msg.payload.split(";");
    var comment = (output[1].split("="));   // second field: comment=<text>
    var mac = (output[2].split("="));       // third field: mac-address=<mac>
    msg.payload={};
    msg.payload = mac[1];
    if (comment[1] == "") {
        return msg;
    }

    // is xx:xx:xx:xx:xx:xx online? example (a separate function node)
    var output = msg.payload.split(";");
    var comment = (output[1].split("="));
    var mac = (output[2].split("="));
    msg.payload={};
    msg.payload = mac[1];
    if (mac[1] == "xx:xx:xx:xx:xx:xx") {
        return msg;
    }
Now I’m getting a notification when an unknown wifi connection is made on my Access Point.
(I’m going to implement the Access List from MT at a later point: no access when not in the Access List.)
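
An added example, not code from the original post: the Node-RED filter above reads the comment and MAC by position, so a payload with a missing or reordered field is misread or throws, and no alert is sent. This version parses the router's `key=value;` payload by key name and reports malformed messages instead of dropping them; `parseStation`, `classify` and the sample payloads are constructed for illustration.

```javascript
// Added example; parseStation and classify are hypothetical helper names.
const MAC_RE = /^([0-9a-f]{2}:){5}[0-9a-f]{2}$/;

// Parse "k=v;k=v" by key name, so field order and a missing field do not matter.
function parseStation(payload) {
    const fields = Object.create(null);
    for (const part of String(payload).split(";")) {
        const eq = part.indexOf("=");      // split on the first "=" only
        if (eq === -1) continue;           // fragment without a key: skip it
        fields[part.slice(0, eq).trim()] = part.slice(eq + 1).trim();
    }
    const mac = (fields["mac-address"] || "").toLowerCase();
    if (!MAC_RE.test(mac)) return null;    // no usable MAC: caller decides
    return { mac: mac, comment: fields["comment"] || "" };
}

// Empty or absent comment means unknown; an unparsable message is reported,
// not silently dropped.
function classify(payload, watchlist = []) {
    const st = parseStation(payload);
    if (st === null) return { status: "malformed" };
    if (st.comment === "") return { status: "unknown", mac: st.mac };
    const watched = watchlist.some(m => m.toLowerCase() === st.mac);
    return { status: watched ? "watched" : "known", mac: st.mac, comment: st.comment };
}

// In a Node-RED function node the body would be:
//   const r = classify(msg.payload);
//   if (r.status === "known") return null;   // drop known stations
//   msg.payload = r; return msg;             // alert on everything else

// Constructed sample payloads (MAC addresses are made up).
const samples = [
    ".id=*6a;comment=Mobile Henri wlan2;mac-address=02:00:00:00:11:22",
    ".id=*6b;comment=;mac-address=02:AA:BB:CC:DD:EE",
    ".id=*6c;mac-address=02:AA:BB:CC:DD:EF",          // comment field absent
    ".id=*6d;comment=lamp=kitchen;mac-address=02:aa:bb:cc:dd:f0",
    "garbage",
];
for (const s of samples) console.log(JSON.stringify(classify(s)));
```

A comment that itself contains `;` still splits into extra fragments, because the payload format has no escaping; keep Access List comments free of `;`.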