Keep an eye on who is on your network and when.
Who's On My Network is a tool built-in Python with a React interface that allows you to scan your network to observe who's on it currently and look at past scans to see who was on it previously.
This screenshot shows an overview of scans done between two dates and which devices were detected.
This application does two primary tasks; scanning a network and displaying data.
The Python module is capable of scanning once or scanning repetitively. This is done by executing a basic command in a terminal.
All scans can then be identified in the interface where a user can create profiles for each person they know is on the network and assign discovered devices to people. This helps identify devices you do not know about and unusual connections.
Details in the projects README outline how to download and setup the tool.
The tool offers help for:
- Docker compose (build hosted on GitHub)
- Docker compose with a local build
- Bare metal
The tool is built around a Python module that can be run using
python -m whos_on_my_network <arguments> or simply executing
python run.py <arguments>.
See README.md in the git repository for details about arguments.
To scan the network once, you can use
python -m whos_on_my_network current. This will output a table displaying the MAC address, IP address and hostname of all detected devices. This data has also been saved to the database to be viewed later.
To scan the network repetitively, you can use
python -m whos_on_my_network watch. This will scan the network every 5 minutes (by default - can be changed) repeatedly unless told to only scan a specific amount of times. Each scan will also be saved to the database to be viewed later.
python -m whos_on_my_network start and go to
localhost:8080 in your browser. You can now view scans and create associations between devices and people.
Note: Text substitution has been done in these screenshots below so connections may not add up; this is not the tool.
The scans page shows scans that have been made.
On the scans page, you can select a date range and view all the scans in that period. When clicking on a scan (row on the table), you will be directed to more focused data on that scan, in particular, showing the time, network id used and details about each device.
The devices page shows all devices that have been detected from scans.
On the devices page, you can filter by a text search, a particular owner or primary status. When clicking on a device (row on the table), you will be directed to more focused data on that device in particular.
A primary device is a user-defined field that can signify whether the device is always on the person or not - so it could be used to identify when near or not.
The people page shows people that have been created by the user of this tool
On the people page, you can filter by a text search to find a particular person. When clicking on a person (row on the table), you will be directed to more focused data on that person in particular.
Another page is also supplied that allows you to run a single scan from the browser without having to run the scan command.
By default, this tool uses scapy to send ARP packets to all addresses in the provided network range (default is 192.168.1.0/24) to identify what devices are on the network. When a host responds, its MAC address, IP address and hostname are obtained and an entry is added to the SQLite database matched to the current scan.
Custom scanners are supported by this application to allow custom methods of identifying devices on a network. An example has been provided for WiFi networks that use a ASUS RT-AC58 router. This scanner demonstrates how you can instead look at the active devices connected to your router rather than scanning the network.
All data collected by the application is stored locally in an SQLite database.