Track MAC Addresses

giffordj · June 26, 2024, 08:01:46 AM

I have a few office's that need the ability to track the mac-addresses attached to their network for audit purposes. The way the some of offices do that today is by a program on the server using LAN sweeper. Is there a plugin for OPNsense to offer similar functionaility?

Monviech (Cedrik) · June 26, 2024, 08:21:48 AM

That's just ARP.

https://en.wikipedia.org/wiki/Address_Resolution_Protocol

You can check the ARP Table:

Interfaces - Diagnostics - Arp Table
/ui/diagnostics/interface/arp

Seimus · June 26, 2024, 10:16:36 AM

If you have there as well a switch that connects the Hosts to the network, and if that switch is a managed one you can check the mac-address table to see to which port which MAC address is connected.

Regards,
S.

giffordj · June 27, 2024, 04:36:38 AM

This is a HIPAA compliance thing, they want to see a report that shows a new address within 15 minutes of it being added. I was thinking a cron script, but wasn't sure if anything was out there currently.

Seimus · June 27, 2024, 09:41:04 AM

If they want to do compliance on persistent base to scope network, just use some kind of tool.

For example you can use NetAlertX by jokob-sk or just plain old good arpscan.

https://github.com/jokob-sk/NetAlertX

I use it at home running as a docker container. Its basically a combination of several features such as arpscan and NMAP, than can scope out what was connected, disconnected on the network.

Regards,
S.

Track MAC Addresses

giffordj

June 26, 2024, 08:01:46 AM

Monviech (Cedrik)

June 26, 2024, 08:21:48 AM #1

Seimus

June 26, 2024, 10:16:36 AM #2

giffordj

June 27, 2024, 04:36:38 AM #3

Seimus

June 27, 2024, 09:41:04 AM #4 Last Edit: June 27, 2024, 10:01:51 AM by Seimus