I think the point being, why even use the Raspberry Pi in the first place given that most routers (even a lot of consumer ones) maintain a list of currently connected users.
It depends on your definition of easily accessible. For example, on my TP-Link W8961N you can use Python's Requests library, Beautiful Soup and HTTP Basic Auth to retrieve and parse the client list.
Seeing as how rarely router firmware is upgraded (and even then, surely less likely the UI!) - I think you're pretty safe automating a scrape of the HTML table.
There are some routers providing these information through their web interface, but I haven't found anyone that provides these info through SSH. Any ideas how I could grab that information?
This is nice way of getting the live device data out from the router - I've made a few scripts in the past for logging into the router web interface and scraping connected device data as a "Who's in the house" display.
Pulling the DHCP functionality out into something more accessible is a great idea!
Not for me on FIOS (I have one year left on my contract UGH! but I was told NO Contract sign here I'm a Noob)
I use to have my own DNS on my server for these purposes and could get a text or email whenever my kids started pulling data on wifi (Teenagers who "can't sleep" than I pulled this trick and they were sleeping)
Fios TV must have the DNS going through their crappy router.
Somehow I expected this talk about real network monitoring like using Ntop, Nagios, arpwatch etc. Just creating another dhcpd for the lan/wifi feels cumbersome just to get dhcp leases.
So how about using RPI as a network bridge between the router and the client hosts and then using Ntop, arpwatch etc. Then you can actually monitor the traffic in detail.
I would expect that RPI could route normal home lan traffic well enough unless there's some big IO limitations regarding ethernet+usb ethernet. Linux has been used for routing with a lot lower spec HW than RPI or RPI2.
I ran a Pi router for awhile, and can confirm that the USB ports are the bottleneck. It was great when I was using it to split traffic between two crappy 3-6Mbit links, but once I finally got hooked up with a decent connection (90Mbit), I quickly hit a 30Mbit-ish ceiling.
Would arpwatch provide any extra information? Ntop sounds like a very interesting idea, I wasn't aware. I suppose you mean you can use a wireless card on you Pi, so the clients can connect through it, and then use ntop to measure the usage... Right?
It wouldn't provide extra information but it would be cleaner way to follow the network compared to reading dhcpd leases. You could have RPI (or other comp) working as the wifi AP or you have RPI between the WAN router and the actual Switch/Access point. This way RPIs slow IO wouldn't slow down your intranet.
Over years I started with a freebsd box with a front wired network to a DSL link that had no other clients physically connected to it, with wireless and wired backend cards in it to serve the client networks... To a system where the freebsd router had a single drop and two interfaces and did routing between them and DHCP'd for the client network (and the physical network was bridged between wireless and wired by the wireless router I had bought)... To a system where I just have a wireless router and don't worry about it that much any more. I get traffic stats, connected clients, etc which is mostly what I need to know about. Its nice being able to sniff all your wireless traffic at the AP, its also nice being able to tcpdump all your transit, but ultimately the complexity wasn't worth the flexibility for me.
There is a need for tools that people can use for monitoring the activity on their home networks. All of these IoT devices are going to create problems that need troubleshooting. Yes, the ideas outlined are simple, but this can evolve over time to solve a problem that is going to be increasingly important
The problem it's not a tool that actually monitor activity on the network at all, you are better off getting a router with 3rd party firmware support or a slightly better home router which many even come with SNMP these days.
i used to do something like this with a freebsd box and had all the wireless clients dhcp to the freebsd box and route through them while turning off dhcp on the wireless router.
ultimately it was a PITA and i run merlin on my wireless router now and it gives me everything i really used the freebsd box for.
and if you have an IOT thing which is misbehaving and you really need to dig into it more than you can with merlin you can always setup ip forwarding on a linux desktop/server/whatever and force the IOT to use that as a router and MITM your own traffic for that box temporarily.
If you want to see what clients are connected to your network you have to login into your router (typing username & password), navigate to its WiFi or DHCP client tables and then try to match MAC addresses with real clients. What I tried to do is mostly time saving. You can have information about hostnames, MACs, MAC manufacturers and status via the web.
All routers even the cheapest home router that are supplied by ISP's will show the MAC address, IP address and host name of the client in exactly the same manner.
50% or so of them will also resolve the vendor ID of the MAC address.
>> Simply because WiFi is managed by the router and most of the routers out there don't provide you with such information or statistics.
I love Pi, and I have my own raspberry pi router project with 3d printed box and everything. But why spend money and an extra ethernet port for information that you can scrape off of your router's http page with something simple like a web testing tool?
Would not using openwrt be a better solution I think that reports by client. And I am sure that Cisco Airnet and Ruckus kit does this.
And there are hacker distros for the PI designed for use as an ICE device - ideally you need to have a ethernet tap other wise you need two ports to monitor ethernet.
Do you know if this is somehow possible using OpenWRT? Would be great to have a life updating view of all connected Wifi devices including bandwith usage / limit and so on.
"We chose to use the range 192.168.1.0/8 as our local network"
Minor typo, although it doesn't really matter in the big picture.
I like how it was written. In line commentary, like a tourist guide or a very informal runbook.
As a meta comment about the project goals it seems almost like a parody of taking something like logging into the CLI and running "arp" and turning it into the largest and most complicated system imaginable, I'm trying to figure out how to make it more complicated, maybe running it on https instead with a valid cert, or perhaps doing it all in Intercal or cobol instead of node.js.
I guess it's interesting as an exercise, but openwrt gives you this and so much more on $30 routers. After years of experimenting with different router firmwares, I can't recommend openwrt enough. It's simply phenomenal.
I have three OpenWRT devices: a Linksys wrt1900ac (v2), and two TP-Link WDR3600s. Considering that you can pick up the WDR3600 on Amazon for roughly $50, it's a steal. I have multiple vlans configured across all three (which OpenWRT makes very easy to do) and certain SSIDs isolated to certain vlans, even on the same radio. I just set up WDS last night between the two WDR3600s, and it was such a simple process. I have the utmost respect for OpenWRT and what it lets you accomplish. Plus, it's far more professionally-run project than other firmwares like Tomato. If you haven't played with OpenWRT yet, I wholeheartedly suggest you do.
It's a bit of fun, but you could probably do better with a Mikrotik board (eg: http://routerboard.com/RB922UAGS-5HPacD list price $79), a low-end microATX board with a few network adaptors - or as others have suggested, a wireless router with something like OpenWrt etc.
You could set up an promiscuous WiFi card and monitor all active WiFi-sessions, the radio signals are still there, readable even if the actual connection/data is encrypted.
We did this at my university to monitor who's in our social activity facilities at any given time (opt-in).
It'd be more interesting to dive into that nodejs snippet. The work to get the final result (a list of connected devices) has already been done and implemented in your home router.
And you swap a real router for a bandwidth constrained raspberry to get that list.
Curious - if you click 'Home' you (I) get chucked onto port 2368; the page is also served on 80, but not others (at random) - why is that? Funky load-balancing?
You could probably install something like pfsense or untangle and get a whole heck of a lot more tools. Or even dd-wrt. I'm assuming the drivers exist for this.
55 comments
[ 3.1 ms ] story [ 112 ms ] threadumm, what? I haven't seen a router for a long time that doesn't have that feature.
Pulling the DHCP functionality out into something more accessible is a great idea!
I use to have my own DNS on my server for these purposes and could get a text or email whenever my kids started pulling data on wifi (Teenagers who "can't sleep" than I pulled this trick and they were sleeping)
Fios TV must have the DNS going through their crappy router.
So how about using RPI as a network bridge between the router and the client hosts and then using Ntop, arpwatch etc. Then you can actually monitor the traffic in detail.
However, maybe at least setting up DNS server on Pi would get some "live" stats without sacrificing performance ?
Over years I started with a freebsd box with a front wired network to a DSL link that had no other clients physically connected to it, with wireless and wired backend cards in it to serve the client networks... To a system where the freebsd router had a single drop and two interfaces and did routing between them and DHCP'd for the client network (and the physical network was bridged between wireless and wired by the wireless router I had bought)... To a system where I just have a wireless router and don't worry about it that much any more. I get traffic stats, connected clients, etc which is mostly what I need to know about. Its nice being able to sniff all your wireless traffic at the AP, its also nice being able to tcpdump all your transit, but ultimately the complexity wasn't worth the flexibility for me.
1) You need a router that supports DHCP relay, which most home routers do not natively support.
2) It won't show you clients that are connected to the Wifi which is probably the majority of clients in most home networks.
3) It doesn't give you the ability to monitor anything beyond the DHCP lease table which all routers show.
So besides wasting 50$, losing a port on your router and having another thing that might break your network down you aren't getting anything.
There is a need for tools that people can use for monitoring the activity on their home networks. All of these IoT devices are going to create problems that need troubleshooting. Yes, the ideas outlined are simple, but this can evolve over time to solve a problem that is going to be increasingly important
i used to do something like this with a freebsd box and had all the wireless clients dhcp to the freebsd box and route through them while turning off dhcp on the wireless router.
ultimately it was a PITA and i run merlin on my wireless router now and it gives me everything i really used the freebsd box for.
and if you have an IOT thing which is misbehaving and you really need to dig into it more than you can with merlin you can always setup ip forwarding on a linux desktop/server/whatever and force the IOT to use that as a router and MITM your own traffic for that box temporarily.
I love Pi, and I have my own raspberry pi router project with 3d printed box and everything. But why spend money and an extra ethernet port for information that you can scrape off of your router's http page with something simple like a web testing tool?
And there are hacker distros for the PI designed for use as an ICE device - ideally you need to have a ethernet tap other wise you need two ports to monitor ethernet.
"We chose to use the range 192.168.1.0/8 as our local network"
Minor typo, although it doesn't really matter in the big picture.
I like how it was written. In line commentary, like a tourist guide or a very informal runbook.
As a meta comment about the project goals it seems almost like a parody of taking something like logging into the CLI and running "arp" and turning it into the largest and most complicated system imaginable, I'm trying to figure out how to make it more complicated, maybe running it on https instead with a valid cert, or perhaps doing it all in Intercal or cobol instead of node.js.
We did this at my university to monitor who's in our social activity facilities at any given time (opt-in).
And you swap a real router for a bandwidth constrained raspberry to get that list.
https://people.ee.ethz.ch/~muejonat/wifimon/