Created
June 20, 2017 23:05
-
-
Save anonymous/97f7f7f7b6402c23062299b9bd0e38ee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env ruby | |
def assert_command_exists(cmd) | |
ENV['PATH'].split(File::PATH_SEPARATOR).each do |path| | |
exe = File.join(path, cmd) | |
return exe if File.executable?(exe) && File.file?(exe) | |
end | |
abort "#{cmd} not found" | |
end | |
def sh(*args) | |
puts("$ #{args.join(" ")}") | |
system(*args) | |
end | |
def process_tcpdump(iface, stream) | |
stats = Hash.new(0) | |
top5 = [] | |
begin | |
stream.each do |line| | |
fields = line.split(/\s+/) | |
next unless fields.size > 1 | |
mac = fields[1] | |
next unless mac =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/ | |
stats[mac] += 1 | |
top5 = stats.sort_by {|_, v| v}[0, 5] | |
system("clear") | |
puts("Least commonly used mac addresses") | |
top5.each_with_index do |p, i| | |
puts("#{i + 1}. #{p[0]} : #{p[1]} packets") | |
end | |
puts("\nReceived packets: #{stats.values.inject(:+)}") | |
puts("Seen devices: #{stats.size}") | |
end | |
rescue IOError, Interrupt | |
return if top5.size < 1 | |
print "apply address (1-#{top5.size}) " | |
num = STDIN.gets.to_i | |
if 1 <= num && num <= top5.size | |
sh("ip", "link", "set", "dev", iface, "address", top5[num][0]) | |
end | |
end | |
end | |
def main(args) | |
tcpdump = assert_command_exists("tcpdump") | |
assert_command_exists("ip") | |
ping = assert_command_exists("ping") | |
if args.size < 1 | |
$stderr.puts "USAGE: #{$0} <interface>" | |
exit(1) | |
end | |
iface = args[0] | |
IO.popen([tcpdump, "-n", "-l", "-e", "-i", iface]) do |stream| | |
# lets find all devices pretty quickly by using multicast ping | |
IO.popen ([ping, "-c", "6", "-6", "ff02::1%#{iface}"]) do |stdout| | |
# discard output | |
stdout.read | |
end | |
abort "ping failed" unless $? != 2 | |
process_tcpdump(iface, stream) | |
end | |
rescue Interrupt | |
end | |
main(ARGV) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment