[Feature Request] Regarding ICMP, NMAP and DHCP lease import #432

Open
Goconvince opened this issue Dec 30, 2024 · 2 comments
Labels
Enhancement New feature or request

Comments

@Goconvince

Hi there,

So after having used this (and loving it) there are a few things that confuse me slightly.

1 - Why not use NMAP scanning instead of arp-scan only? That way we can have a higher probability of finding devices I presume?

2 - Some devices don't show up when performing an arp-scan - but they do respond to ping. But it feels like I have to manage them as separate entities and not as one (having all devices on the same page regardless if they show up through ICMP or arp-scan would be nice).

3 - Would be cool to have an import feature for the DHCP leases from OPNSENSE/PFSENSE. I know I can run NGTOP - but honestly I like Pi.Alert more.

4 - A vulnerability section perhaps? We already have nmap - why not use it for vuln scans or to present open ports directly in the device section?

Thanks again for a great tool!

@Goconvince Goconvince added the Enhancement New feature or request label Dec 30, 2024
@leiweibau
Owner

I wish you a happy new year.

> So after having used this (and loving it)

Thank you very much

> 1 - Why not use NMAP scanning instead of arp-scan only? That way we can have a higher probability of finding devices I presume?

THE value that forms the basis for the entire client management and notification is the MAC address. This can only be determined in the local network of the Pi.Alert installation / Pi.Alert satellite. At this point, nmap also uses an ARP request. Although nmap can also check hosts in other networks for accessibility, no MAC address is determined here, which is of no use for the way this tool works.

> 2 - Some devices don't show up when performing an arp-scan - but they do respond to ping.

There are various reasons for such behavior:

  • The devices concerned react too slowly or not at all to such an ARP request
  • The devices are within range of a repeater and use it to communicate with the network. This leads to the effect that the repeater reports its MAC address instead of the individual devices, which gives the impression that all devices “behind the repeater” are offline.
  • If you use multiple networks but allow Pi.Alert to get host information from a router or DNS server, then Pi.Alert may have the entire device list, but still cannot check all devices for reachability.

There are certainly other scenarios, but I think that's enough for now.

> 3 - Would be cool to have an import feature for the DHCP leases from OPNSENSE/PFSENSE. I know I can run NGTOP - but honestly I like Pi.Alert more.

I've thought about it before (#328 (comment)), but unfortunately I don't have the time to familiarize myself with pfsense/opensense in order to have a test environment in the first place. So I need some support from others, at least for the beginning, and above all patience with myself 😉

> 4 - A vulnerability section perhaps? We already have nmap - why not use it for vuln scans or to present open ports directly in the device section?

As I have remained true to the principles of the original project, I am also trapped in the time windows introduced by the project. This is both a curse and a blessing.
Depending on the size of the network, such a scan would take a very long time and ensure that scans build up quite quickly and the network has nothing else to do but transmit scans. It may be nice for some people that something is constantly being scanned, but I personally believe that all these scans should be as subtle as possible and should not overwhelm even the weakest participants (IoT) in the network. It doesn't help anyone if you get notifications every 10 minutes just because the devices in the network “fall over” as a result of the scans. However, in order to address the issue at least to some extent, there is a manual port scan for each device in the details view. I hope the “GUI” for this is implemented in a reasonably understandable way.

@Goconvince
Author

Awesome! Thanks for your detailed reply.

Just a few thoughts.

Regarding NMAP - Would it make sense to start a ping-sweep before an arp-scan? And if arp gets no reply, then retry. If it fails - add it to the ICMP part? Or have the ICMP part together with the other devices? The reason is that for me Pi.Alert is essentially a tool to say "Here is a device, this is the info I can get from it". So maybe have a mode that would do the following - "Ping sweep - Arp Scan - Nmap" And then adds the device with any form of data it can. That a MAC address is required might be true for inventory - but not for alerting. But again, that's just me.

Regarding OPNSENSE - There are different ways of approaching this - but the biggest hurdle is that OPNSENSE is FreeBSD. But OPNSENSE does have a built-in API. But you are right - it's probably a big job.

Thanks again for your time and keep up the good work - awesome app!
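The thread discusses why the MAC address is the inventory key and asks for ARP and ICMP results to be shown together. The sketch below is an added example, not part of the thread or of Pi.Alert's code, that merges the two sources while keeping that distinction visible. The sample data is constructed, the function names are hypothetical, and the "shared MAC" note is only a heuristic for the repeater effect described above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in arp-scan's tab-separated "IP<TAB>MAC<TAB>vendor" form.
ARP_SCAN_OUTPUT = """\
Interface: eth0, type: EN10MB, MAC: 02:00:00:00:00:01, IPv4: 192.168.1.10
192.168.1.1\t02:00:00:aa:00:01\tExample Router
192.168.1.20\t02:00:00:aa:00:20\tExample Laptop
192.168.1.31\t02:00:00:aa:00:30\tExample Repeater
192.168.1.32\t02:00:00:aa:00:30\tExample Repeater

4 packets received by filter, 0 packets dropped by kernel
"""
# Constructed ping-sweep result: addresses that answered ICMP echo.
PING_REPLIES = ["192.168.1.1", "192.168.1.20", "192.168.1.40", "10.0.5.7"]
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")

def parse_arp_scan(text):
    """Return {ip: mac} from arp-scan output, skipping header/footer lines."""
    seen = {}
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0].strip()))
        except ValueError:
            continue
        seen[ip] = parts[1].strip().lower()
    return seen

def merge(arp, ping_replies, local_net):
    """Combine both sources into one list; MAC stays the key when known."""
    by_mac = defaultdict(list)
    for ip, mac in arp.items():
        by_mac[mac].append(ip)
    devices = []
    for mac, ips in by_mac.items():
        note = "shared MAC (possible repeater)" if len(ips) > 1 else "arp"
        devices.append({"mac": mac, "ips": sorted(ips), "note": note})
    for ip in ping_replies:
        if ip in arp:
            continue  # already inventoried under its MAC
        local = ipaddress.ip_address(ip) in local_net
        note = "icmp only, no ARP reply" if local else "icmp only, routed (no MAC)"
        devices.append({"mac": None, "ips": [ip], "note": note})
    return devices

if __name__ == "__main__":
    print(*merge(parse_arp_scan(ARP_SCAN_OUTPUT), PING_REPLIES, LOCAL_NET), sep="\n")
```

Entries with `mac` set to `None` cannot be tracked across IP changes, which is the limitation the owner's reply points to.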
