network-guard

Scans the network for not whitelisted devices. The whitelist is either a whitelist.json file or with the param -whitelistUrl a url from a webserver. I use git to store my whitelist. The whitelist from url is reloaded once per hour.

This programm is intended to be use with prometheus and optional grafana to visualize the "not-whitelisted" devices in a network.

Usage

Usage of network-guard:
  -bindAddress string
        Address to bind the webserver for /metrics. Default empty = listening an all interfaces
  -bindPort int
        Port to bind the webserver for /metrics. Default 3000 (default 3000)
  -interfaceName string
        Network interface to scan. Example: enp38s0
  -whitelistUrl string
        Url to get the whitelist.json from, auth is not supported must be open. If this option is set the local whitelist.json will be ignored.

Dependencies

sudo apt-get install libpcap-dev

Create a whitelist.json and use the whitelist.json.template as the template.

Run & Build

Run Local

Example: sudo /usr/local/go/bin/go run networkGuard.go -interfaceName enp3s0

Build in docker with older glibc version

docker run -ti --rm -v $(pwd):/workdir/. -w /workdir golang:buster bash

Inside container:

apt update && apt install -y libpcap-dev && wget "https://maclookup.app/downloads/json-database/get-db" -O src/mac-vendors-export.json && go build -buildvcs=false

Output

Those 2 raspberries are not whitelisted and got a 0 at the end of the line.

# HELP networkguard Online network devices.
# TYPE networkguard gauge
networkguard{ip="192.168.0.3", mac="00:00:00:00:00:00", vendor="VMware, Inc."} 1
networkguard{ip="192.168.0.15", mac="00:00:00:00:00:00", vendor="Raspberry Pi Foundation"} 0
networkguard{ip="192.168.0.19", mac="00:00:00:00:00:00", vendor="Raspberry Pi Trading Ltd"} 0
networkguard{ip="192.168.0.20", mac="00:00:00:00:00:00", vendor="NETGEAR"} 1
networkguard{ip="192.168.0.30", mac="00:00:00:00:00:00", vendor="ROHDE & SCHWARZ GMBH & CO. KG"} 1
networkguard{ip="192.168.0.44", mac="00:00:00:00:00:00", vendor="Wistron InfoComm(Kunshan)Co.,Ltd."} 1
networkguard{ip="192.168.0.47", mac="00:00:00:00:00:00", vendor="Raspberry Pi Trading Ltd"} 1
networkguard{ip="192.168.0.50", mac="00:00:00:00:00:00", vendor="VMware, Inc."} 1
networkguard{ip="192.168.0.52", mac="00:00:00:00:00:00", vendor="Micro-Star INTL CO., LTD."} 1
networkguard{ip="192.168.0.54", mac="00:00:00:00:00:00", vendor="Micro-Star INTL CO., LTD."} 1
networkguard{ip="192.168.0.56", mac="00:00:00:00:00:00", vendor="Fujitsu Technology Solutions GmbH"} 1
networkguard{ip="192.168.0.57", mac="00:00:00:00:00:00", vendor="VMware, Inc."} 1

Grafana dashboard

Dashboard config in grafana-dashboard.json