Raspberry Pi & Local Area Network Monitoring
This project isn't specific to the Raspberry Pi but, following on from our Raspberry Pi Bluetooth project we thought it might be useful to see what monitoring could be done on our home Local Area Network (LAN) and what useful data we could gather from it. Note that this project has big privacy implications and whilst we were trying to see what is technically possible, this doesn't mean we will necessarily leave it collecting all of the data described here.
With the 'Wheezy' OS install we had to install the arp-scan tool using the command:
sudo apt-get install arp-scan.
Once installed, we can run a basic arp-scan command:
sudo arp-scan --localnet
This command has to be run as root and it returns a list of devices on the local network, with IP address, MAC address and the exposed name of the device. We initially wrote a simple script that repeats this command every 30 seconds and processes the resulting output, one line at a time. The software looked for new or unknown devices on the network and then reported them. It also checked for devices going missing from the network and reported them.
We have since written some Java code for the Raspberry Pi to provide accurate presence information and monitor and log devices on our home network. This uses a static devices class that knows about all the devices in our home. It also models the devices in terms of ownership, type of device and persistence on the network. Whilst wired devices connected via Ethernet cables appear to have a persistent presence on the local network, wireless devices appear to come and go. Devices like iPhone's will often not appear for some time, if they are not used. To counteract this, we have implemented a threshold value for each device, which is used to determine if it really has been removed from the network.
We will be publishing our code here very soon. For security reasons we will be removing all references to our devices and service passwords.
This is a very effective way of determining presence of device on our home network. Because wireless devices do not always appear on network, those that are associated with a person and are carried at all times (e.g. personal Smartphones), provide a presence 'ping' to update our Home Control System (HCS) understanding of who is in or out. This makes it very timely and it works well with our 'wasp in a box' model. This model assumes that devices are not seen again once the front door is closed.
In terms of logging the coming and going of devices, it is desirable to use a cumulative counter to detect a sequence of scans where the device is not present. This introduces a delay in detecting devices leaving but greatly improves the accuracy. This method can then be used to detect devices being removed from the network (or the home) and take appropriate action.
The slightly scary thing about this project is that we keep discovering new networked devices! Slowly we have managed to identify them but, we still have 1 unidentified device that connected and we still don;t know what it was (we haven't seen it for 8 months now though). We have over 40 in total now and suspect that some of these will be devices that are wired but, also have wireless interfaces. To help resolve this, we now have the software sending an SMS message, when an unknown device connects.
Our software allows us to track how long devices are used for, so usage of things like the children's Smart TVs and the Playstation 3 can be monitored.