I am looking for a network monitor/scanner. With Nagios, I need to add devices myself, but I want to track those unknown devices. So I am looking for a Nagios-like tool that 24/7 scans the ranges of our wan and then report the results to a nice web based output. It doesn’t have to do more then give the host name per found alive IP. All other stuff I can find out with other tools. It would be cool if it can remember, when an IP is dead, if the IP was alive the previous scan. If it does more it’s a bonus.
Current I am using Angry IP Scanner. That’s good but I want it to run continuously, range by range.
Well, in the past I installed ZENworks for Servers a lot. You could set the network load. Basically most networks with about 1000-2000 devices took a day to scan if you didn’t change it. The result was a nice tabel, and network view, with all devices. It also gave some info, but for more details you could configure snmp or use different tools.
I don’t care if it takes 2 days, just want to see devices I know are there but aren’t in our IP documentation.
If you want only to see the undocumented devices, you could do a ping in all the network range (using fping) and after document the founded ips (this presuming yours ICMPs requests are not blocked by the firewalls)
Indeed, that is what I have been doing now. But that’s a periodic manual scan. What I want is to let someone else check the results of an automated scan. Preferably nice looking and readable instead of a txt file somewhere.
The problem is, somehow people keep connecting devices to the network without adding them to the documentation. This goes from new network devices that aren’t administrated by the IT department to users actually connecting NAS devices that act as MP3 servers or what not. Last week the department that controls all buildings installed new alarm installations that connect to the network for management. They didn’t ‘realize, uch…uch…’ they needed to inform IT. They guy that installed it just pinged an address, on no reply he took it.
So i want to keep checking the network for rogue devices, because obviously this company fails to follow instructions on how to keep this documented. But that’s a different problem :mad:
On Thu, 2008-07-03 at 13:56 +0000, Ricochet wrote:
> Indeed, that is what I have been doing now. But that’s a periodic manual
> scan. What I want is to let someone else check the results of an
> automated scan. Preferably nice looking and readable instead of a txt
> file somewhere.
>
> The problem is, somehow people keep connecting devices to the network
> without adding them to the documentation. This goes from new network
> devices that aren’t administrated by the IT department to users
> actually connecting NAS devices that act as MP3 servers or what not.
> Last week the department that controls all buildings installed new
> alarm installations that connect to the network for management. They
> didn’t ‘realize, uch…uch…’ they needed to inform IT. They guy that
> installed it just pinged an address, on no reply he took it.
>
> So i want to keep checking the network for rogue devices, because
> obviously this company fails to follow instructions on how to keep this
> documented. But that’s a different problem :s
>
> Perhaps I can make something with Python.
Good… I like people with initiative! Some other things you might
be able to consider. You can use arpwatch on many networks (it
does depend) to see the various “who has”, etc messages… vs.
using a heavy polling application, this is much more passive. When
you see the new arp machine, then you can target that host with
your scan. Just something to consider that might be useful.
On the scan side, you can do some pretty nice scans with nmap
and I believe the xml you can get from that tool is nagios
friendly (if I recall).
You might want to give wireshark a look see. I currently use it on my wireless network at home and couldn’t be happier. For monitoring a large network though, I don’t know if it’ll suit your needs.
