kenotaph-daemon

News

2016-06-16 — Version 1.0.2 released.

2016-03-16 — Version 1.0.1 released.

2016-02-24 — Version 1.0.0 released.

Description

kenotaph-daemon is a tool for detecting the presence of network devices by means of packet capture. Both wired and wireless networks are supported, assuming appropriate hardware is available. A targeted device is identified by a user-defined Berkeley Packet Filter (BPF), either by its IP address or by its hardware address, although the use of BPF allows for more complex matching. Packets are captured in promiscuous mode and/or monitor mode.

kenotaph-daemon is designed to be a 'daemon' program that runs in the background. To communicate with other processes, a TCP/IP socket is opened on a defined port bound to a hostname. When a targeted device becomes present on a network, or becomes absent, a notification message is sent to all consumers connected to the socket.

A notification message is an ASCII string consisting of three fields separated by a space character (' ', hex \x20). The first field contains the name of the event; the second contains an ID, which corresponds to the name of a device section in the configuration file; and the third contains the name of a network interface. The whole message is terminated by a newline character ('\n', hex \x0A).
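A consumer-side parser for the message format described above, as an added example that is not part of kenotaph-daemon itself: it reassembles messages from arbitrary TCP chunks and rejects anything that is not exactly three printable ASCII fields. The 512-byte line bound and the event name "EVT" in the sample are assumptions; the device and interface names are taken from the example configuration on this page.

```python
from typing import List, NamedTuple, Optional

MAX_LINE = 512  # assumed bound on one message; the page does not specify one

class Notification(NamedTuple):
    event: str      # event name, kept as an opaque token
    device_id: str  # name of a device section in the configuration file
    interface: str  # network interface name

class NotificationParser:  # reassembles newline-terminated messages from TCP chunks
    def __init__(self) -> None:
        self._buf = bytearray()
        self._skip = False               # True while discarding an oversized line
        self.rejected: List[bytes] = []  # malformed input, kept for logging

    def feed(self, chunk: bytes) -> List[Notification]:
        self._buf += chunk
        out: List[Notification] = []
        while (nl := self._buf.find(b"\n")) != -1:
            line = bytes(self._buf[:nl])
            del self._buf[: nl + 1]
            if self._skip:               # tail of a line that was already rejected
                self._skip = False
                continue
            msg = self._parse(line)
            if msg is None:
                self.rejected.append(line)
            else:
                out.append(msg)
        if len(self._buf) > MAX_LINE:    # no terminator within the bound
            if not self._skip:
                self.rejected.append(bytes(self._buf))
            self._buf.clear()
            self._skip = True
        return out

    @staticmethod
    def _parse(line: bytes) -> Optional[Notification]:
        if len(line) > MAX_LINE or not line.isascii():
            return None
        fields = line.decode("ascii").split(" ")  # split on every single \x20
        if len(fields) != 3 or not all(f and f.isprintable() for f in fields):
            return None
        return Notification(*fields)

if __name__ == "__main__":
    parser = NotificationParser()
    # Constructed stream split mid-message; "EVT" is a placeholder event name.
    print([n for c in (b"EVT mydevice1 wl", b"an0\nEVT officeprinter eth0\n") for n in parser.feed(c)])
```

A consumer would call feed() with each recv() result from the daemon's socket and log the contents of rejected instead of acting on them.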

Event names are abbreviations of their meaning and are sent thus:

kenotaph-daemon is free software licensed under GPLv3.

Usage

Usage: kenotaphd [OPTIONS] <config-file>

Options:
  -4                            resolve hostname to IPv4 address
  -6                            resolve hostname to IPv6 address
  -t, --hostname=HOSTNAME:PORT  bind socket to hostname and port
  -d, --daemon                  run as a daemon
  -m, --accept-max=NUM          accept maximum of NUM concurrent client connections
  -P, --pid-file=FILE           create a pid file FILE
  -V, --verbose                 increase verbosity
  -h, --help                    show usage information
  -v, --version                 show version information

Configuration

/*
 * Example configuration file for kenotaph-daemon.
 */

// Bind to address...
hostname = "localhost"

// ... on port.
port = 8888

// Resolve hostname to IPv6 address.
ip_version = 6

// Accept maximum number of concurrent connections.
accept_max = 64

// Create a pidfile.
pidfile = "/run/kenotaphd.pid"

/*
 * Capture on Wireless interface in monitor mode.
 */
interface wlan0
{
	// Enable monitor mode, if supported. Monitor mode is disabled by default.
	monitor_mode = true

	// Enable promiscuous mode. Promiscuous mode is enabled by default.
	promisc_mode = true

	// Use default link_type, otherwise this value would override it.
	//link_type = "EN10MB"

	// This option is ignored by kenotaph-daemon, but it allows external tools
	// to get information about the wireless channel on which we want to
	// listen. This option only makes sense when monitor mode is enabled.
	channel = 6

	// Enable or disable this interface section. By setting this value to
	// false, everything inside this section will be ignored.
	enabled = true

	device mydevice1
	{
		// Enable or disable this device section.
		enabled = true

		// Berkeley Packet Filter describing how to match packets belonging to
		// a device.
		match = "ether host aa:bb:cc:dd:ee:f1"

		// Maximum time spent waiting for another matched packet. If this value
		// is exceeded, device is pronounced absent.
		timeout = 900
	}

	// ... define other devices.

	// ... or include them from elsewhere.
	include ("externaldevice.conf")
}

/*
 * Capture on Ethernet interface.
 */
interface eth0
{
	device officeprinter
	{
		match = "ip host hpprinter"
		timeout = 3600
	}

	device homeserver
	{
		match = "ip host 192.168.1.52 or ip host 192.168.1.60"
		timeout = 200
	}
}

Installation

If kenotaph-daemon is not available in a repository of your favorite GNU/Linux distribution, you may consider installing it from the source.

From the source:

  1. Download the source code.
  2. Extract the content of the archive.
  3. Change current directory to extracted directory.
  4. Run make to compile the source code.
  5. Run make install with root privileges to install the compiled binary.

Dependencies:

Download

The latest changes and all version releases are available in the kenotaph-daemon git repository.