Netgate Discussion Forum

    Ways to manage devices on network

    General pfSense Questions
    • JKnottJ
      JKnott
      last edited by

      You could use static mappings for those static addresses.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Not in real-time. You can run NMap against your subnet to see everything that's up during the scan.
        Otherwise the ARP table is the most accurate reflection of what hosts are online and talking.

        Steve

        • JKnottJ
          JKnott @stephenw10
          last edited by

          @stephenw10 said in Ways to manage devices on network:

          The arp table will only show devices that have recently communicated with or through pfSense. After a few seconds of no traffic, the arp cache will forget about that device.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            @JKnott said in Ways to manage devices on network:

            After a few seconds of no traffic, the arp cache will forget about that device

            It's more than a few seconds, the default arp cache is 20 minutes in pfsense.

            There are a few different tools to do active arp scanning on a network, some free some not. I have used domotz in the past.. You can run it in a vm, or on a pi for example.. It will actively arp all networks it's connected to and show you an almost realtime listing of devices that are on - you can even set up alerts for when devices join or leave the network.. I used to do this for when my son's phones would join my wifi network, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            • KOMK
              KOM
              last edited by

              I've used The Dude for this task in the past.

              • JKnottJ
                JKnott @KOM
                last edited by

                @KOM

                It's also possible to run a shell script to ping through all IP addresses on the network or subset.

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  If you do not have any other boxes to run the cmd arp-scan from, you could prob get away with installing the FreeBSD package on pfsense even though it's not in the pfsense repository of tools.. They have in the past added tools to the repository that have use and do not pose any sort of problem with pfsense.

                  • C
                    cheapie408 @KOM
                    last edited by

                    @KOM said in Ways to manage devices on network:

                    I've used The Dude for this task in the past.

                    Did you install this on pfSense or did you have to run it on a separate box? I like anything with a GUI since it's easier to manage at first glance. Never used the dude before but this looks interesting.

                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      I think that's Windows only. I have never used it myself but I've seen a number of customers using it. Always looked good.

                      Steve

                      • KOMK
                        KOM @cheapie408
                        last edited by

                        @cheapie408 Yes, it's Windows-only unfortunately and would require a dedicated host to run on.

                        • C
                          cheapie408 @KOM
                          last edited by

                          @KOM said in Ways to manage devices on network:

                          @cheapie408 Yes, it's Windows-only unfortunately and would require a dedicated host to run on.

                          I do have a Win PC that's on 24/7 which can serve this purpose.

                          Based on what I see, you install the RouterOS in a VM environment then use the client to connect to it?

                          • KOMK
                            KOM @cheapie408
                            last edited by

                            @cheapie408 No, just download the dude and install him under Windows. RouterOS is what the Mikrotik routers run on.

                            • C
                              cheapie408 @KOM
                              last edited by

                              @KOM

                              According to the manual these are the requirements. If there's only one "The Dude", I've used this in the past at my work. But it's straightforward. I just set the IP range and scan the network and it just picks up everything. Perhaps I'm not downloading the right thing? These are the guys, right? https://mikrotik.com/download

                              RouterOS:

                              v6.34rc13 or newer
                              Hardware:

                              TILE devices;
                              ARM devices;
                              MMIPS devices;
                              RouterOS x86 installations;
                              RouterOS CHR environment

                              • KOMK
                                KOM
                                last edited by KOM

                                Click the The Dude pulldown box and select the version you want.

                                • C
                                  cheapie408 @KOM
                                  last edited by

                                  @KOM yup that's what I downloaded (the latest version of the client). It wants me to connect to a server. :(

                                  • KOMK
                                    KOM
                                    last edited by

                                    I haven't used it in a while, but it should work in standalone mode.

                                    • C
                                      cheapie408 @KOM
                                      last edited by cheapie408

                                      @KOM

                                      Unfortunately, Mikrotik changed their development of The Dude which requires the dude server VM. ugh!

                                      https://forum.mikrotik.com/viewtopic.php?t=116451

                                      • johnpozJ
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by johnpoz

                                        What exactly is the goal here? Do you just want a simple way to check if X device is on the network? Do you want to get alerts when some wifi device connects or disconnects.. Do you want graphs of how long devices are up? Do you want to monitor their bandwidth usage?

                                        You can install nmap if all you want to do is simple discovery, now and then to check for devices on your network that you might have forgotten about, etc.

                                        [2.4.4-RELEASE][admin@sg4860.local.lan]/root: nmap -sP 192.168.9.0/24
                                        Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-23 09:29 CDT
                                        Nmap scan report for 192.168.9.8
                                        Host is up (-0.21s latency).
                                        MAC Address: 00:1F:29:54:17:14 (Hewlett Packard)
                                        Nmap scan report for n40l.local.lan (192.168.9.9)
                                        Host is up (-0.21s latency).
                                        MAC Address: 00:1F:29:54:17:15 (Hewlett Packard)
                                        Nmap scan report for nas.local.lan (192.168.9.10)
                                        Host is up (-0.16s latency).
                                        MAC Address: 00:11:32:7B:29:7D (Synology Incorporated)
                                        Nmap scan report for 192.168.9.11
                                        Host is up (-0.21s latency).
                                        MAC Address: 00:11:32:7B:29:7E (Synology Incorporated)
                                        Nmap scan report for sg300-10.local.lan (192.168.9.98)
                                        Host is up (-0.20s latency).
                                        MAC Address: C0:7B:BC:65:4F:13 (Cisco Systems)
                                        Nmap scan report for sg300-28.local.lan (192.168.9.99)
                                        Host is up (-0.20s latency).
                                        MAC Address: 70:6E:6D:F3:11:93 (Cisco Systems)
                                        Nmap scan report for i5-win.local.lan (192.168.9.100)
                                        Host is up (0.00010s latency).
                                        MAC Address: 00:13:3B:2F:67:62 (Speed Dragon Multimedia Limited)
                                        Nmap scan report for 192.168.9.101
                                        Host is up (-0.21s latency).
                                        MAC Address: 00:13:3B:2F:67:63 (Speed Dragon Multimedia Limited)
                                        Nmap scan report for sg4860.local.lan (192.168.9.253)
                                        Host is up.
                                        Nmap done: 256 IP addresses (9 hosts up) scanned in 5.62 seconds
                                        

                                        You can do that in the diag section cmd prompt area too if you don't want to ssh to your pfsense box, etc. There is a gui for the nmap package - but it's not all that good.. just easier from cmd line.

                                        Or you could install that arp-scan package as well.. It does provide nice output... You could install the arpwatch package..

                                        There's many a way to skin the monitor/discover my network cat... But the devil is in the details of what you are actually wanting to accomplish..

                                        • C
                                          cheapie408
                                          last edited by cheapie408

                                          @johnpoz

                                          In my Asus router, I have the ability to name any device connected. IE: I have a lot of Google Home/Hubs devices. IE: Google Display - Living Room, Google Display - Family Room etc..

                                          Also some IOT devices have very generic hostnames and even no names at all. I do this so I can figure out what's online or offline so I can address the issue as needed. The ability to go to "Client List" and have all clients showing online/offline is valuable to me and it makes it better to have the ability to tell exactly which one is which.

                                          Attached is a screen shot of what I meant... In the other world, I can simply click on the device, add a description or something to remind me of what they are. I can't do it here. Hence, I'm venturing to learn how I can easily manage the clients.

                                          An unrelated question... is there a way to monitor who's using the most "WAN" bandwidth per device in PFSense?

                                          ![alt text]http://postimg.cc/ZCBQt0Jz
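
As an added example (not code from any poster or from pfSense), the `nmap -sP` output quoted earlier in the thread can be joined with a hand-kept MAC inventory to get the named online/offline client list described in this post, with unrecognised devices flagged. The inventory format, function names and sample data are assumptions constructed for the example.

```shell
#!/bin/sh
# Constructed scan output in the same format as the nmap post (made-up hosts).
sample_scan() {
cat <<'EOF'
Nmap scan report for nas.example.lan (192.168.9.10)
Host is up (0.00016s latency).
MAC Address: 00:11:32:AA:BB:01 (Synology Incorporated)
Nmap scan report for 192.168.9.50
Host is up (0.0021s latency).
MAC Address: 02:00:00:AA:BB:02 (Unknown)
Nmap scan report for fw.example.lan (192.168.9.253)
Host is up.
EOF
}

# Constructed inventory, one "MAC<TAB>description" per line (assumed format).
sample_inventory() {
  printf '%s\t%s\n' \
    '00:11:32:aa:bb:01' 'NAS - office closet' \
    '02:00:00:aa:bb:03' 'Google Display - Living Room'
}

# label_scan INVENTORY_FILE < scan_output
# Prints STATUS<TAB>IP<TAB>MAC<TAB>label, sorted by status:
#   ONLINE  = in inventory and answered the scan
#   UNKNOWN = answered the scan but is not in the inventory
#   OFFLINE = in inventory but did not answer
# The scanning host itself has no "MAC Address" line and is skipped.
label_scan() {
  awk -v inv="$1" '
    BEGIN {
      while ((getline line < inv) > 0) { split(line, f, "\t"); label[toupper(f[1])] = f[2] }
    }
    /^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip) }
    /^MAC Address: / {
      mac = toupper($3); seen[mac] = 1
      if (mac in label) print "ONLINE\t" ip "\t" mac "\t" label[mac]
      else print "UNKNOWN\t" ip "\t" mac "\t-"
    }
    END { for (m in label) if (!(m in seen)) print "OFFLINE\t-\t" m "\t" label[m] }
  ' | sort
}

# Run the constructed samples end to end.
demo() {
  inv=$(mktemp /tmp/inventory.XXXXXX) || return 1
  sample_inventory > "$inv"
  sample_scan | label_scan "$inv"
  rm -f "$inv"
}
demo
```

Against a live network the same function takes the scan on stdin, for example `nmap -sP 192.168.9.0/24 | label_scan inventory.tsv`, where `inventory.tsv` is a hypothetical file in the format above.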

                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by johnpoz

                                            Those all seem to be wireless devices.. What are you using for wireless now? Your old asus router as just an AP?

                                            I do the same sort of thing for clients in my wifi controller.. But I also just assign most of my devices dhcp reservations so they always have the same IP.. Not like your harmony hub is going somewhere ;) I used that as example as I have one myself..

                                            devices.png

                                            So while it's a pain when you have a lot of devices, it's a one-time thing.. Then you're done and you then know that your phone is always going to have IP 1.2.3.4, and then makes it much easier to do firewall rules as well ;)

                                            As to bandwidth, sure couple different packages you could use - darkstat, bandwidthd, iptraf, lots of ways to determine who is using up bandwidth.. If you're just looking for who right this second is using up the bandwidth, the traffic graph can show you that.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.