Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 07-30-2004, 12:16 PM   #1
Registered: May 2004
Location: Sofia / Bulgaria
Distribution: Fedora Core 5
Posts: 38

Rep: Reputation: 15
Perl script for statisting/logging windows clients

hi U all

I'm a sys admin and want to solve one my security problem. Well in the net "I'm living in", sometimes some guys are changing their IPs and MACs with the idea to trick the nearby router and do some rellevant "hacks". BUT, the idea of one my coleague was to write a script which will monitor local machines and log a statistic. A kind of this:
NetBiosName: Example1
MACs: <mac 1>

NetBiosName: Example2
MACs: <mac 1>, <mac 2>

with such an information we can gues that Example2 has tried to represent himself as Example1 (by IP and MAC changing). I'm almost sure that may by 99% of the guys when doing similar things do not change their NBNs

So I want to know if there's already such a program/script. Or at least a program which cat scan/sniff for NBNs - IPs. I think that I can write a perl script for the nesessary logging and automation.

Can U help?
Old 07-30-2004, 02:59 PM   #2
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 67
It should be easy enough to do.

You can use "nmblookup" to get the machine name based on the IP and "arping" to get the MAC address.

I'm not sure if you were suggesting the above layout or not as a way to hold the data but if it was me I would probbaly store the entries in a database - text or msyql, it doesn't matter. Something like:

You can then build something to query it and select all mac addresses that have been used with different IPs, all IPs that have been used with different names and all names that have been used with different macs. If you build the report in a web based form then it wouldbe quite easy not navigate if you could just click on say the mac address in a listing and find all of it's associated values, how many times they were registered together. The purpose of suggesting the status field was that you can record which combinations are expected to be true, this should make logging easier to decifer - you may even choose not to log anything if the result is expected.
Old 08-01-2004, 06:27 AM   #3
Registered: May 2004
Location: Sofia / Bulgaria
Distribution: Fedora Core 5
Posts: 38

Original Poster
Rep: Reputation: 15

I think that I fount what I need. During my process of thinking and searching information, 'findsmb' program came to my eyes . Well I'll try to script it with Perl and reach my goal.

with findsmb and arp, I'll get all the necessary info for an user and with the help of Perl I'll automate the process.

btw, david_ross - 10x for trying to help me. In my mind there's future plans for developing this idea which include the use of SNMP for getting info from our pppoe-server (Access Consentrator), but I'll write wider explanation of that in future.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
runing perl unix script in windows 2000 anirudh Programming 3 04-15-2005 11:07 AM
Converting a Windows Perl script to a Linux Perl script. rubbercash Programming 2 07-19-2004 11:22 AM
Problem with Win XP Clients logging in a Domain with a Samba Server YasoKuhl Linux - Networking 0 05-03-2004 02:06 PM
how to find the pid of a perl script from shell script toovato Linux - General 1 12-19-2003 07:25 PM
Including methods from a perl script into another perl script gene_gEnie Programming 3 01-31-2002 06:03 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:36 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration