vh/NetAlertX
1
0
Fork 0
mirror of https://github.com/jokob-sk/NetAlertX.git synced 2025-12-07 09:36:05 -08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
5d7af88130d379d72c246b3686501c5484652586
NetAlertX/front/plugins/arp_scan/README.md
jokob-sk 838352388f
Some checks are pending
docker / docker_dev (push) Waiting to run
Details
Deploy MkDocs / deploy (push) Waiting to run
Details
arpscan readme #867
2025-02-15 09:34:01 +11:00

34 lines
2.2 KiB
Markdown
Executable File
Raw Blame History

## Overview
Most on-network scanners (ARP-SCAN, NMAP, NSLOOKUP, DIG) rely on scanning specific network interfaces and subnets. Check the [subnets documentation](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md) for help on this setting, especially VLANs, what VLANs are supported, or how to figure out the network mask and your interface.
An alternative to on-network scanners is to enable some other Device scanners/importers that don't rely on NetAlert<sup>X</sup> having access to the network (UNIFI, dhcp.leases, PiHole, etc.).
> Note: The scan time itself depends on the number of IP addresses to check so set this up carefully with the appropriate network mask and interface.
> [!NOTE]
> If you have a lot of offline devices, which should be online, look into using, or substituing, ARP scan with other scans, such as `NMAPDEV`. The [ARP scan protocol uses](https://networkencyclopedia.com/arp-command/) a cache so results may not be 100% reliable. You can find all available network scanning options (marked as `🔍 dev scanner`) in the [Plugins overview](https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS.md) readme.
### Usage
- Go to settings and set the `SCAN_SUBNETS` setting as per [subnets documentation](https://github.com/jokob-sk/NetAlertX/blob/main/docs/SUBNETS.md).
- Enable the plugin by changing the RUN parameter from disabled to your preferred run time (usually: `schedule`).
- Specify the schedule in the `ARPSCAN_RUN_SCHD` setting
- Adjust the timeout if needed in the `ARPSCAN_RUN_TIMEOUT` setting
- Review remaining settings
- SAVE
- Wait for the next scan to finish
### Common issues
#### IP flipping on Google Nest devices
Some devices might flip IP addresses after each scan triggering false notifications. This is because some devices respond to broadcast calls and thus different IPs after scans are logged. To preven this you can try to use the `--exclude-broadcast` flag in the `ARPSCAN_ARGS` setting or change the `SCAN_SUBNETS` setting from e.g.: `192.168.1.0/24` to `192.168.1.1-192.168.1.254` to exclude the broadcast address `192.168.1.255` from the scanned range.
#### Examples
Settings:
![settings](/front/plugins/arp_scan/arp-scan-settings.png)
Reference in New Issue View Git Blame Copy Permalink