Pi.Alert icon indicating copy to clipboard operation
Pi.Alert copied to clipboard
verified publisher icon pucherot

Subnet scanning behavior

Open Brantlab opened this issue 3 years ago • 2 comments

When we define the subnets we wanna scan will it also scan other subnets or only those two?

SCAN_SUBNETS      = '192.168.11.0/24 192.168.144.0/24 --interface=etho0'

When I am using the above config it also scans 172.17.0.0/24 which is my docker network which I would like to exclude.

Brantlab avatar Feb 08 '22 14:02 Brantlab

Just adding to this. After letting it sit for an hour its only scanning the docker subnet and not the defined ranges.

#-------------------------------------------------------------------------------
#  Pi.Alert
#  Open Source Network Guard / WIFI & LAN intrusion detector 
#
#  pialert.conf - Back module. Configuration file
#-------------------------------------------------------------------------------
#  Puche 2021        [email protected]        GNU GPLv3
#-------------------------------------------------------------------------------

PIALERT_PATH      = '/home/pi/pialert'
DB_PATH           = PIALERT_PATH + '/db/pialert.db'
LOG_PATH          = PIALERT_PATH + '/log'
VENDORS_DB        = '/usr/share/arp-scan/ieee-oui.txt'
PRINT_LOG         = False

SMTP_SERVER       = 'smtp.gmail.com'
SMTP_PORT         = 587
SMTP_USER         = '[email protected]'
SMTP_PASS         = 'password'

REPORT_MAIL       = False
REPORT_FROM       = 'Pi.Alert <' + SMTP_USER +'>'
REPORT_TO         = '[email protected]'
REPORT_DEVICE_URL = 'http://pi.alert/deviceDetails.php?mac='

# QUERY_MYIP_SERVER = 'https://diagnostic.opendns.com/myip'
QUERY_MYIP_SERVER = 'http://ipv4.icanhazip.com'
DDNS_ACTIVE       = False
DDNS_DOMAIN       = 'your_domain.freeddns.org'
DDNS_USER         = 'dynu_user'
DDNS_PASSWORD     = 'A0000000B0000000C0000000D0000000'
DDNS_UPDATE_URL   = 'https://api.dynu.com/nic/update?'

PIHOLE_ACTIVE     = False
PIHOLE_DB         = '/etc/pihole/pihole-FTL.db'
DHCP_ACTIVE       = False
DHCP_LEASES       = '/etc/pihole/dhcp.leases'

# arp-scan options & samples
#
# Scan local network (default)
# SCAN_SUBNETS    = '--localnet'
#
# Scan two subnets
SCAN_SUBNETS    = '192.168.11.0/24 192.168.144.0/24 --interface=eth0'
#
# Scan using interface eth0
#SCAN_SUBNETS    = '--localnet --interface=eth0'

#SCAN_SUBNETS      = '--localnet'

Brantlab avatar Feb 08 '22 16:02 Brantlab

Are you using Host network for the container, if not, it will probably not going to work.

version: '3.5' services: pialert: container_name: pialert image: jokobsk/pi.alert hostname: pi.alert environment: - TZ=YourTimeZone restart: unless-stopped network_mode: host volumes: - pialert_db:/home/pi/pialert/db - /path-of-your-config-folder/config:/home/pi/pialert/config volumes: pialert_db: external: true

iAmSaugata avatar May 11 '22 13:05 iAmSaugata