In this article I will demonstrate how to track a user's presence on the LAN based on their IP Address. This is achieved by scheduling a regular ping command, which writes to a log file if the destination system is found.
Ping is used as a connectivity test in systems running the TCP/IP network protocol, which is most systems these days. Ping takes two forms: ping hostname or ping IP Address. In Windows the default is three pings whereas in Unix, ping will continue until stopped manually (CTRL C). Although both pings work similarly, as usual the Unix version is a bit more versatile with more options (man ping).
If ping hostname is used, the system must be able to resolve the IP Address of the host, either through a record in the local DNS Server or through a manual entry in the /etc/hosts file.
In order to track the presence of a specific system on my LAN, I have configured it to get an IP Address from my DHCP Server (dynamic IP) and I have configured the DHCP Server to give that workstation the same IP every time, based on its MAC Address (reserved IP). The main limitation of this system is that a rogue box could connect with its own static IP and go unnoticed. However the default gateway and DNS would need to be known, plus the class and range of IP Addresses in use. Additionally, an IP Address conflict with an existing system is likely.
So without further ado, here is the script..
#!/bin/sh
/sbin/ping -c1 phil > /dev/null    # one ping, output discarded
if [ $? -eq 0 ]                    # ping exits with 0 when the host replied
then
    echo `date +%H:%M.%S` "Phil is on line.." >> /var/db/philup
fi
Note that the full path to the ping command /sbin/ping is used. This script will be set to run using crontab and so full paths must be used for all files.
Scrutiny of the ping manual (man ping) indicates that the -c switch sets the number of times to ping the host, in this case -c1 means just do it once.
Next phil is the hostname I'm interested in and the name has an entry in /etc/hosts, to resolve the hostname to its IP Address..
..and the whole thing is then redirected to /dev/null. This file is also known as the bit bucket and is a way of discarding unwanted outputs which would otherwise go to the screen or some other unwanted place. Clever.
The if and fi lines then wrap the result of the ping command in an if statement. The test checks the exit status of the ping command ($?) to see if anything actually got pinged. If no host was found then the script echoes nothing and drops out of the if statement.
However if a host was actually present, then the script echoes the time in 24hr:minute:second format, echoes the string "Phil is on line.." and appends this to an existing text file /var/db/philup.
The day's logfile then looks something like this..
2010-04-18 00:01:12 Starting logfile..
11:05.00 Phil is on line..
11:10.00 Phil is on line..
11:15.00 Phil is on line..
13:00.01 Phil is on line..
13:05.00 Phil is on line..
The day's logfile was already created just after midnight, again using crontab to replace the previous day's, using the following scripts:
mv /var/db/philup /var/db/logs/`date +%Y-%m-%d`_phil.log
Firstly this script moves (and renames) the previous day's logfile philup to the subdirectory /var/db/logs/ and puts the day's date at the front of the filename _phil.log.
The result looks something like this..
Secondly the new day's logfile is created using another cron job, which will be populated with that day's successful ping results..
echo >> /var/db/philup
echo `date +%Y-%m-%d" "%H:%M:%S` "Starting logfile.." >> /var/db/philup
echo >> /var/db/philup
In the above script, the echo command is output to the file philup, however as philup doesn't exist yet (it just got moved out), this command creates the file and puts an empty line at the top.
The second line then appends a time and date to that day's log file at the top and adds another line break with line 3. The log file is then ready to receive entries from the ping command throughout the day - see the philup file above..
All in all then, this works out as an effective way to monitor the presence of a live system on a network, based on knowing its MAC Address.
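The ping script only confirms that something answers at phil's IP Address. The following is an added example, not part of the original article, that also compares the MAC Address in the ARP table with the DHCP reservation, so that a different box answering on that IP is logged as a mismatch. The IP Address, MAC Address and sample ARP table are constructed values, and the `arp -an` line layout and the /usr/sbin/arp path are assumptions.

```shell
#!/bin/sh
# Added example: presence check that also verifies the reserved MAC Address.
# EXPECTED_IP, EXPECTED_MAC and SAMPLE_ARP are constructed values; the arp
# line layout "? (ip) at mac ..." and the arp path are assumptions.
EXPECTED_IP="192.168.1.50"
EXPECTED_MAC="00:1b:63:0a:0b:0c"
SAMPLE_ARP='? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.50) at 0:1b:63:a:b:c on en0 ifscope [ethernet]'

# Lower-case a MAC and zero-pad each octet (some arp builds print 0:1b:63:a:b:c).
normalize_mac() {
    echo "$1" | tr 'A-F' 'a-f' | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++) {
            o = $i
            if (length(o) == 1) o = "0" o
            sep = (i > 1) ? ":" : ""
            out = out sep o
        }
        print out
    }'
}

# Read "arp -an" style output on stdin and print the MAC listed for IP $1.
mac_for_ip() {
    awk -v ip="($1)" '$2 == ip && $3 == "at" { print $4; exit }'
}

# classify <ping exit status> <arp output> -> absent|present|mismatch|unknown
classify() {
    [ "$1" -eq 0 ] || { echo absent; return; }
    seen=$(printf '%s\n' "$2" | mac_for_ip "$EXPECTED_IP")
    case "$seen" in
        ""|"(incomplete)"|"<incomplete>") echo unknown; return ;;
    esac
    if [ "$(normalize_mac "$seen")" = "$(normalize_mac "$EXPECTED_MAC")" ]
    then echo present
    else echo mismatch
    fi
}

# Cron entry point in the style of the article's script (full paths);
# redirect its output to the log, e.g. >> /var/db/philup.
check_phil() {
    /sbin/ping -c1 "$EXPECTED_IP" > /dev/null 2>&1
    status=$?
    echo "$(date +%H:%M.%S) phil $(classify "$status" "$(/usr/sbin/arp -an)")"
}

# Offline demo on the constructed table: prints "present".
classify 0 "$SAMPLE_ARP"
```

A mismatch entry in the log means the reserved IP Address answered from hardware other than the one in the DHCP reservation, which the ping-only check records as a normal "on line" entry.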