LinuxQuestions.org
Old 07-30-2004, 11:16 AM   #1
gottin
Perl script for statisting/logging windows clients


Hi you all

I'm a sys admin and want to solve one of my security problems. Well, in the net "I'm living in", sometimes some guys are changing their IPs and MACs with the idea to trick the nearby router and do some relevant "hacks". BUT, the idea of one of my colleagues was to write a script which will monitor local machines and log statistics. Something like this:
----------------------------------
NetBiosName: Example1
IPs: 192.168.1.19
MACs: <mac 1>

NetBiosName: Example2
IPs: 192.168.1.19, 192.168.1.56
MACs: <mac 1>, <mac 2>
-------------------------------------

With such information we can guess that Example2 has tried to represent himself as Example1 (by changing IP and MAC). I'm almost sure that maybe 99% of the guys doing similar things do not change their NBNs.

So I want to know if there's already such a program/script. Or at least a program which can scan/sniff for NBNs - IPs. I think that I can write a Perl script for the necessary logging and automation.

Can you help?
 
Old 07-30-2004, 01:59 PM   #2
david_ross
It should be easy enough to do.

You can use "nmblookup" to get the machine name based on the IP and "arping" to get the MAC address.

I'm not sure if you were suggesting the above layout or not as a way to hold the data, but if it was me I would probably store the entries in a database - text or MySQL, it doesn't matter. Something like:
datetime|status|ip|mac|name

You can then build something to query it and select all MAC addresses that have been used with different IPs, all IPs that have been used with different names and all names that have been used with different MACs. If you build the report in a web-based form then it would be quite easy to navigate if you could just click on, say, the MAC address in a listing and find all of its associated values and how many times they were registered together. The purpose of suggesting the status field was that you can record which combinations are expected to be true; this should make logging easier to decipher - you may even choose not to log anything if the result is expected.
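One way to run the three cross-checks described in the post above over records in the datetime|status|ip|mac|name layout, as an added Perl example that is not code from the thread. The sample records, the status values and the `correlate` helper are constructed for illustration, and the status field is read but not used.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records in the datetime|status|ip|mac|name layout.
# The status values "expected" and "new" are assumptions for this example.
my @records = (
    '2004-07-30 11:00:00|expected|192.168.1.19|00:00:5e:00:53:01|EXAMPLE1',
    '2004-07-30 11:00:00|expected|192.168.1.56|00:00:5e:00:53:02|EXAMPLE2',
    '2004-07-30 12:30:00|new|192.168.1.19|00:00:5e:00:53:01|EXAMPLE2',
    '2004-07-30 12:35:00|new|192.168.1.19|00:00:5E:00:53:01|example2',
    'garbled line without enough fields',
);

# The three correlations: key label, value label, and their positions
# in the (ip, mac, name) triple.
my @views = (
    [ 'MAC',  'IP',   1, 0 ],
    [ 'IP',   'name', 0, 2 ],
    [ 'name', 'MAC',  2, 1 ],
);

sub correlate {
    my @lines = @_;
    my %seen;    # $seen{view}{key}{value} = number of sightings
    for my $line (@lines) {
        # datetime and status are skipped here; only ip, mac, name are compared.
        my (undef, undef, @f) = split /\|/, $line, -1;
        next unless @f == 3 && !grep { !length } @f;    # skip malformed records
        # Normalise case so one MAC or NetBIOS name is not counted twice.
        $f[1] = lc $f[1];
        $f[2] = uc $f[2];
        for my $v (@views) {
            my ($klabel, $vlabel, $ki, $vi) = @$v;
            $seen{"$klabel -> $vlabel"}{ $f[$ki] }{ $f[$vi] }++;
        }
    }
    my @report;
    for my $view (sort keys %seen) {
        for my $key (sort keys %{ $seen{$view} }) {
            my $vals = $seen{$view}{$key};
            next if scalar(keys %$vals) < 2;    # one-to-one is the normal case
            push @report, "$view: $key seen with "
                . join(', ', map { "$_ (x$vals->{$_})" } sort keys %$vals);
        }
    }
    return @report;
}

print "$_\n" for correlate(@records);
```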
 
Old 08-01-2004, 05:27 AM   #3
gottin
Original Poster

I think that I found what I need. During my process of thinking and searching for information, the 'findsmb' program came to my eyes. Well, I'll try to script it with Perl and reach my goal.

With findsmb and arp, I'll get all the necessary info for a user, and with the help of Perl I'll automate the process.

btw, david_ross - 10x for trying to help me. In my mind there are future plans for developing this idea which include the use of SNMP for getting info from our pppoe-server (Access Concentrator), but I'll write a wider explanation of that in future.
 
  


All times are GMT -5.