0

I'm a complete dummie on Network subjects. I'm trying to create a log, when a specific iPhone/Cellphone connects into a wireless network.

The main goal is pull a trigger (create a log file, send a mail, create a post message to a web server etc) when a known mac address gets into the network.

On a terminal if I send arp -a I get all the ip and the mac address of the phone, but I could not figure out how to make this action by using a mac address.

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259
cleliodpaula
  • 119
  • 2
  • 2
    Implement 802.1x, then just write a script to watch your radius server log for successful authentications and take whatever action you want. – EEAA Mar 17 '14 at 21:48
  • 1
    I think you need to do some basic reading up on how arp works. You won't see an arp entry until you try to access the other device's IP address. So it won't tell you anything interesting. Another way is to monitor the DHCP lease table, but you have to ask how are you going to identify a phone? By MAC address? Maybe. But unless you have an incredibly comprehensive list of which ranges of addresses were used in phones that won't work. NMAP each IP address to get an idea? Phones probably don't have a signature. 802.1x? Well now maybe were getting somewhere... – Mark Henderson Mar 17 '14 at 21:49
  • I edited the question: when a specific iPhone/Cellphone connects into a wireless network at my home. – cleliodpaula Mar 17 '14 at 21:54
  • 1) you're asking about a home network, so it's off-topic. 2) My comment above (or Mark's about monitoring your DHCP lease table) is how you'd implement this. Whether or not you'll be able to do either depends greatly on your skill level and the equipment you have available. – EEAA Mar 17 '14 at 21:55
  • @EEAA I've edited it so that it's no longer "home"ish, but the correct answer remains: 802.1x – Mark Henderson Mar 17 '14 at 22:08
  • @MarkHenderson - good edit and answer. – EEAA Mar 17 '14 at 22:10

1 Answers1

6

Ok, since you're only after a single phone, you would need to monitor something (DHCP or ARP table) and look for the MAC address of your phone. It won't change, as it's (meant to be) globally unique per network interface.

However, there are some problems:

  1. DHCP leases last for a while. Just because there is a lease, that doesn't mean that the device is currently present
  2. ARP entries are cached, at least for a while. Just because you have an entry, doesn't mean that the device is currently present
  3. The device's IP address may change upon connection if it's been off the network for long enough for the DHCP lease to expire, so you can't rely on its IP address
  4. Your phone should attempt to register a DNS entry for itself, but unless you have a proper local DNS server (not just a relayer like most modem/routers are) then you won't be able to query the device's name to get an IP address to get its MAC address via ARP
  5. IPv6 Neighbour discovery might be another good one, but this involves an IPv6 stack on your network and phone and suffers the same problems as ARP.
  6. Monitor broadcast traffic for DHCP requests from your MAC in question. These shouldn't show up that often and are a safe sign that the device is currently on the network. But wow, that's a big overhead.

The best option is configure 802.1x. This involves a WiFi access point that supports WPA2-Enterprise and RADIUS server. Monitor the auth logs of your RADIUS server for the MAC of the devices in question and then send an email.

Mark Henderson
  • 68,823
  • 31
  • 180
  • 259