I run this daily to see network adds/changes. MAC address changes are also detected, which is useful for spotting ARP cache poisoning and changes to system hardware.
1. Create a baseline list of network hosts:
nmap -R -sP --system-dns '192.168.1.*' -oN temp.txt
# The '#' must be quoted, otherwise the shell treats the rest of the line as a comment
grep -v '#' temp.txt | grep -v "appears to be down" > baseline_hosts.txt
rm temp.txt
2. Then, save an updated list of hosts, and compare this against the baseline list:
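nmap -R -sP --system-dns '192.168.1.*' -oN temp.txt
# The '#' must be quoted, otherwise the shell treats the rest of the line as a comment
grep -v '#' temp.txt | grep -v "appears to be down" > current_hosts.txt
rm temp.txt
# Print every line of current_hosts.txt that has no exact match in baseline_hosts.txt
grep -v -x -F -f baseline_hosts.txt current_hosts.txt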
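An added example, not part of the original post: the same baseline/current comparison done per host instead of per line, so it also reports hosts that disappeared and names the old and new MAC when one changes. The function names, sample addresses and MACs are constructed, and the two nmap output line shapes it matches ("Nmap scan report for ..." and "Host ... appears to be up") are assumptions about the nmap version in use.

```shell
# Added example: reduce nmap -oN ping-scan output to "IP MAC" pairs and diff two scans.
# hosts_to_pairs FILE: one "IP MAC" line per live host ("-" if no MAC line followed it).
hosts_to_pairs() {
    awk '
    /^Nmap scan report for / || /^Host .* appears to be up/ {
        if (ip != "") print ip, mac
        ip = ""; mac = "-"
        if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) ip = substr($0, RSTART, RLENGTH)
        next
    }
    /^MAC Address: / && ip != "" { mac = toupper($3) }
    END { if (ip != "") print ip, mac }' "$1"
}

# compare_scans BASELINE CURRENT: prints NEW, GONE and MAC-CHANGED records, sorted.
compare_scans() {
    b=$(mktemp) && c=$(mktemp) || return 1
    hosts_to_pairs "$1" > "$b" && hosts_to_pairs "$2" > "$c"
    awk '
    FILENAME == ARGV[1] { base[$1] = $2; next }
    { seen[$1] = 1
      if (!($1 in base)) print "NEW", $1, $2
      else if (base[$1] != $2) print "MAC-CHANGED", $1, base[$1], "->", $2 }
    END { for (ip in base) if (!(ip in seen)) print "GONE", ip, base[ip] }' "$b" "$c" | sort
    rm -f "$b" "$c"
}

# Constructed sample scans (documentation addresses, made-up MACs), not real output.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/baseline.txt" <<'EOF'
Nmap scan report for gw.example (192.0.2.1)
Host is up (0.0010s latency).
MAC Address: 02:00:00:AA:00:01 (Unknown)
Nmap scan report for 192.0.2.20
Host is up (0.0031s latency).
MAC Address: 02:00:00:AA:00:20 (Unknown)
EOF
    cat > "$d/current.txt" <<'EOF'
Nmap scan report for gw.example (192.0.2.1)
Host is up (0.0007s latency).
MAC Address: 02:00:00:BB:00:99 (Unknown)
Nmap scan report for 192.0.2.30
Host is up (0.0040s latency).
MAC Address: 02:00:00:AA:00:30 (Unknown)
EOF
    compare_scans "$d/baseline.txt" "$d/current.txt"
    rm -rf "$d"
}
```

Call `compare_scans baseline.txt current.txt` on two saved `-oN` files; a MAC-CHANGED record for the gateway address is the one to investigate first when looking for ARP cache poisoning.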