I’ve made an arpscanner in the past:
https://www.henriaanstoot.nl/2019/10/15/arpscanner/
But I’m going to migrate the server this is running on.
So I played with ssh commands using ssh connections with an ssh-key; using Ansible is also possible.
ssh user@mikrotik /interface wireless registration-table print
But I didn’t like the continuous logins with automated logins.
So the solution below is what I’ve implemented for now.
I’ve installed the IOT extra package from Mikrotik, now I can send MQTT messages from my Wifi enabled Mikrotiks to my Mosquitto broker.
(Download extra package zip, extract iot-7.x-arm.npk, upload this to your mikrotik files folder, and reboot)
The script I’m running on my Mikrotik sends the active wifi connections with the comments. (When a comment is set in the Access List, then it’s a known connection.)
[admin@RB40111] /iot/mqtt> export
# may/15/2023 21:45:12 by RouterOS 7.9
# software id = xxxx-xxxx
#
# model = RB4011iGS+5HacQ2HnD
# serial number = xxxxxxxxxxxxxxxxx
/iot mqtt brokers
add address=10.1.x.y client-id=rb4011 name=NR
I made the following script on my MT, named mqtt:
# Name of the broker entry defined under /iot mqtt brokers
:local broker "NR"
# MQTT topic where the message should be published
:local topic "rb4011/mac"
# Publish one message per entry in the wireless registration table
:foreach i in=[/interface wireless registration-table print proplist=mac-address as-value] do={
    :local message "$i"
    /iot mqtt publish broker=$broker topic=$topic message=$message
}
A schedule is needed to run this script every 15 minutes:
[admin@RB40111] /system/scheduler> export
# may/15/2023 21:48:14 by RouterOS 7.9
# software id = xxxx-xxx
#
# model = RB4011iGS+5HacQ2HnD
# serial number = xxxxxxxxxxx
/system scheduler
add interval=15m name=mqtt on-event=mqtt policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=may/15/2023 start-time=13:30:54
Now all wifi connections will be sent to topic rb4011/mac.
# Example
.id=*6a;comment=Mobile Henri wlan2;mac-address=44:46:87:xx:xx:xx
Using NodeRed I can make filters and notifications.
Below function: get the MAC and comment from the payload; if the comment is empty then it is an unknown connection … so send me a warning using Pushover.
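// filter function: pass the message on only when the comment is empty (unknown client)
var output = msg.payload.split(";");   // [".id=...", "comment=...", "mac-address=..."]
var comment = output[1].split("=");
var mac = output[2].split("=");
msg.payload = mac[1];                  // forward only the MAC address
if (comment[1] == "") {
    return msg;
}
// any other message is dropped: the function returns nothing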
// is xx:xx:xx:xx:xx:xx online? example: pass the message on only for this MAC
var output = msg.payload.split(";");
var comment = output[1].split("=");
var mac = output[2].split("=");
msg.payload = mac[1];                  // forward only the MAC address
if (mac[1] == "xx:xx:xx:xx:xx:xx") {
    return msg;
}
Now I’m getting a notification when an unknown wifi connection is made on my Access Point.
(I’m going to implement the Access List from MT at a later point. No access when not in the Access List.)
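The filter functions above pick the comment and MAC by position in the payload, so a message with a missing field makes the function throw and no warning is sent. An added example (not the author's flow) that reads the fields by name and treats an unparseable message as something to alert on; the function names and sample payloads are constructed for illustration.

```javascript
// Added example, not the author's flow. Payloads below are constructed.
const MAC_RE = /^([0-9A-F]{2}:){5}[0-9A-F]{2}$/;

// Split "k=v;k=v" by field name. Only the first "=" separates key and value,
// and a fragment without "=" is treated as the tail of the previous value
// (a ";" typed into a comment), so free text cannot shift the fields.
function parseRegistration(payload) {
    const fields = Object.create(null);
    let last = null;
    for (const part of String(payload).split(";")) {
        const eq = part.indexOf("=");
        if (eq > 0) {
            last = part.slice(0, eq).trim();
            fields[last] = part.slice(eq + 1);
        } else if (last !== null) {
            fields[last] += ";" + part;
        }
    }
    return fields;
}

// known: comment set; unknown: valid MAC, no comment; malformed: no valid MAC.
function classify(payload) {
    const f = parseRegistration(payload);
    const mac = (f["mac-address"] || "").toUpperCase();
    if (!MAC_RE.test(mac)) return { status: "malformed", mac: null, comment: "" };
    const comment = (f["comment"] || "").trim();
    return { status: comment ? "known" : "unknown", mac, comment };
}

// Function-node logic: drop known clients, forward everything else so a
// parse failure produces an alert instead of a silent node error.
function onMessage(msg) {
    const r = classify(msg.payload);
    if (r.status === "known") return null;
    msg.payload = r.status === "unknown"
        ? "Unknown wifi client " + r.mac
        : "Unparseable registration message";
    return msg;
}

const SAMPLES = [ // constructed
    ".id=*6a;comment=Mobile Henri wlan2;mac-address=02:00:00:00:00:01",
    ".id=*6b;comment=;mac-address=02:00:00:00:00:02",
    ".id=*6c;mac-address=02:00:00:00:00:03",
    "garbage",
];
for (const s of SAMPLES) console.log(classify(s).status, "<-", s);
```

In a Node-RED function node, paste the three functions and end the node with `return onMessage(msg);`.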