While running my access point in public mode, i want to know when people log in. This can be a good way to find intruders too, but not my purpose.
I decided to run arpwatch on my linksys access point, but this is not so easy ..
First you need to have sendmail on the WRT. So install mini_sendmail. Add a file /usr/sbin/sendmail that contains:
#!/bin/sh /usr/sbin/mini_sendmail -t -sIP_of_your_mail_relay
Check that it ‘s working..
Run arpwatch on the WRT throught this script:
#!/bin/sh IFNAME=$(nvram get wifi_ifname) case $1 in start) touch /tmp/arpwatch.dat arpwatch -f /tmp/arpwatch.dat -i $IFNAME ;; stop) killall arpwatch ;; *) echo "usage: $0 (start|stop)" exit 1 esac exit $?
Wait a bit, connect to your wifi, look at your email on the gateway. (root@gw) you will see something like this:
From: email@example.com Subject: new station hostname: <unknown> ip address: 192.168.2.1 ethernet address: 0:f:66:c7:b5:b1 ethernet vendor: <unknown> timestamp: Tuesday, January 18, 2000 14:34:01 +0000