Originally Posted by z3nhakr
I'm working on a security tool for Linux to scan for vulnerabilities in my network. Instead of trying to fix problems, it will work as a warning system and send me an email if it detects ARP attacks, DoS attacks or duplicate MAC addresses. I'd be glad to pack this into a deb and open source it after I finish, but for now I'm stuck on detecting duplicate MACs/MAC spoofing. I was thinking of using nmap to scan for hosts and then make a script to compare the results, but nmap always gives too many details, which makes comparing things a pain in the backside to do. Does anyone know how to get a cleaner output from nmap or another network scanner with a cleaner output?
nmap has a ton of options that you could explore. In particular I would suggest ping scanning for this, or you can do a full scan, output the file in grepable format and grep through it.
So an example command might be:
Code:
nmap -sP -oG filename 192.168.0.0/24
then
Code:
grep -E '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' filename
Or whatever options you wanted to throw on there; -A would probably be handy for nmap's output.
Also, they have these types of tools already; they're called IDS. I would check out Snort or Suricata. Hope this helps.
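One way to do the comparison step the original poster was stuck on, as an added example that is not code from this thread: it parses nmap's normal output from a host-discovery run (a constructed sample is embedded below) and reports every MAC address that shows up behind more than one IP, which is one symptom of a duplicated or spoofed MAC. The awk field positions assume nmap's "Nmap scan report for" and "MAC Address:" line formats.

```shell
#!/bin/sh
# Added example, not from the original thread. POSIX sh + awk only.
# Turns nmap normal output into "ip mac" pairs, then flags any MAC that
# is claimed by two or more distinct IPs.

# Parse "Nmap scan report for <host>" followed by "MAC Address: <mac> (<vendor>)".
# nmap prints the MAC line directly after the host's report block.
pairs_from_nmap() {
    awk '
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }  # "(1.2.3.4)" or "1.2.3.4"
        /^MAC Address:/        { print ip, toupper($3) }            # normalise case
    '
}

# Print "MAC ip1 ip2 ..." for every MAC seen behind more than one IP.
# Hosts without a MAC line (e.g. the scanning host itself) are skipped.
find_dup_macs() {
    pairs_from_nmap | sort -u | awk '
        { ips[$2] = (ips[$2] ? ips[$2] " " : "") $1; n[$2]++ }
        END { for (m in n) if (n[m] > 1) print m, ips[m] }
    ' | sort
}

# Constructed sample: 192.168.0.1 and 192.168.0.20 answer with the same MAC.
SAMPLE='Nmap scan report for 192.168.0.1
Host is up (0.0010s latency).
MAC Address: 00:11:22:33:44:55 (Example Vendor)
Nmap scan report for 192.168.0.10
Host is up (0.0020s latency).
MAC Address: AA:BB:CC:DD:EE:FF (Example Vendor)
Nmap scan report for 192.168.0.20
Host is up (0.0030s latency).
MAC Address: 00:11:22:33:44:55 (Example Vendor)
Nmap scan report for 192.168.0.30
Host is up (0.0030s latency).'

# Live use would be:  sudo nmap -sn 192.168.0.0/24 | find_dup_macs
printf '%s\n' "$SAMPLE" | find_dup_macs
```

Feed it a fresh scan from cron and mail the non-empty output; the "-sn" scan needs root so that nmap uses ARP and can report MAC addresses on the local segment.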