What's on my Network

Do you know who's on your network? Set up a Network Intrusion Monitor and you know. Used Pi.Alert but found an alternative, WatchYourLAN with Telegram or something.

What's on my Network
Photo by Hadija / Unsplash

After a while, your network becomes full of stuff. And we need a Network Intrusion Monitor. A good app lets us see what we have and can alarm us of new devices on the LAN. I've been using Pi.alert for a while, but I have been looking for an alternative. I found WatchYourLAN. It functions within Docker and can be deployed on any of your nodes. I will cover only the basics, but please feel free to experiment with all the options. I use Telegram to send alarms.

Install

WatchYourLAN is a lightweight network IP scanner with a configurable GUI.
It can also be used as a Network Intrusion Monitor with alarm functions.

  • Change your path to where you want to store your sqlitedb database.
  • Change the timezone to match your location.
  • Change to one or many network interface you want to use.
    • If you use ssh, in a terminal run this command: ip link show or ip a
version: "3"
services:
  shoutrrr:
    stdin_open: true
    tty: true
    image: containrrr/shoutrrr
    command: generate telegram
  wyl:
    image: aceberg/watchyourlan
    network_mode: host
    restart: unless-stopped
    environment:
      - TZ=${TZ}
      - IFACE=${IFACE}
      - DBPATH=${DBPATH}
      - GUIIP=${GUIIP}
      - GUIPORT=${GUIPORT}
      - TIMEOUT=${TIMEOUT}
      - SHOUTRRR_URL=${SHOUTRRR_URL}
      - THEME=${THEME}
      - IGNOREIP=${IGNOREIP}
    volumes:
      - /opt/wyl:/data
networks: {}
# environment, required 
TZ: Europe/Helsinki           # needs your TZ for correct time
IFACE: "eth0"                 # 1 or more interface, space separated
# environment, optional
DBPATH: "/data/db.sqlite"     # default: /data/db.sqlite
GUIIP: "0.0.0.0"              # default: localhost
GUIPORT: "8840"               # default: 8840
TIMEOUT: "120"                # in seconds, default=60
SHOUTRRR_URL: ""              # set url to notify
THEME: "solar"                # Can be change in GUI
IGNOREIP: "no"

These options can be changed in the GUI - Config

  • There can be one or more Interfaces, space separated
  • After changing Host, Port or Path to DB options, you need to restart the app
  • Timeout means time between scans (in seconds)
  • Shoutrrr URL provides notifications to Discord, Email, Gotify, Telegram and other services. Link to documentation
    • telegram://<token>@telegram?chats=<ID>@<name>
  • Theme to change themes. Uses Free themes for Bootstrap
  • Ignore IP If you want to detect unknown hosts by MAC only, set to "yes"
  • Log Level How much log you want to see
  • The Clear table button will delete all records from the table.
    If you want to delete a single host, click on its MAC and press Delete host
  • ARP Timeout per host timeout for arp-scan (in milliseconds)

The Auth options can be changed in the GUI - Auth

  • Expire after - when user session expires.
    Can be set with suffixes m (minute), h (hour), d (day) or M (month).
  • Login. For Auth to work, login and password must not be empty.
  • Password is stored encrypted in the config file.
    If you forgot your password, just set auth_password: field to empty there.
⚠️
Warning! Authentication is only secure when implemented over HTTPS and with a robust and intricate password.

Use of WYL

Use your browser and set the address to <IP of VM>:8840 or the port you use.

The Home screen is not very useful, sorting is stupid, but the Online and Offline tabs has all the sorting you need.

😔 What is missing is the ability to scan VLAN.


How to keep Free and Open Software free and open?

Subscribe, like, share, discuss, clap, star, follow, watch, and anything that can help with social media algorithms. Also buy a license, donate, buy merchandise, use Patreon. Remember that most free software is produced by professional (need salary) using platforms and machines that cost money.

 [FSF logo] 
“The Free Software Foundation (FSF) is a nonprofit with a worldwide mission to promote computer user freedom. We defend the rights of all software users.”

References

WYL [1] Pi.Alert [2]


  1. WatchYourLAN GitHub ↩︎

  2. PiAlert Blog post, GitHub. Last update April 24th 2021 ↩︎