Fing CLI on raspberry: scan different subnets

Are there options in /etc/fing/fing.properties (or in another config file in /etc/fing) to scan different /24 subnets in sequence? Scanning /16 classB-subnet which includes those different /24-subnets is possible, but wastes a lot of time on empty /24-subnets. There should be a way to declare a list of subnets for automated "discovery" of devices. Like a man-page (linux type) on fing.properties explaining available options and switchable flags....
Alderete

Best Answer

  • GiftzwergGiftzwerg Member Posts: 14
    10 Comments 5 Likes Name Dropper First Anniversary
    Accepted Answer
    Thanks again for this valuable hint. I didn't yet search for alternatives at the level of replacing raspbian. After a brief look, I am very interested to try out nems linux. From its requirements however, it would better fit Raspberry 4 series, especially for the upcoming future versions of nagios, which will increase in demand on resources. Good supply of ideas for the next weeks.....

Answers

  • GaoGaoGaoGao Member Posts: 30
    10 Comments First Answer Name Dropper Photogenic
    I never tried the client but, if I understand you correctly,  the user's guide gives the command line parameters as "sudo find --netdiscover 192.168.1.0/24". The user's guide says [Network/Host List] as argument so you can probably use < to input the network list from a file, exact syntax to be validated. https://www.fing.com/images/uploads/general/Fing_CLI_User_Guide_1.2.pdf at 6. Tools
    If you can't explain it simply, you don't understand it well enough.
  • GiftzwergGiftzwerg Member Posts: 14
    10 Comments 5 Likes Name Dropper First Anniversary
    Thanks for the idea, but I tried both ways:
    sudo fing --netdiscover 192.168.64.0/24 192.168.31.0/24 192.168.78.0/24
    Error: option '--netdiscover' cannot be specified more than once
    INFO  2020/10/23 14:02:19 fing graceful exit.
    or second alternative:
    sudo fing --netdiscover < /home/pi/networklist
    Error: the required argument for option '--netdiscover' is missing
    INFO  2020/10/23 15:40:18 fing graceful exit.
    same with altered argument, since the file resides in same dir:
    sudo fing --netdiscover < networklist
    Error: the required argument for option '--netdiscover' is missing
    INFO  2020/10/23 15:41:19 fing graceful exit.
    Seems, the file content is not accepted by channeling. I also suspect that this might be deliberately not enabled, restricting fing both in hw & in sw to "1 subnet only"
    What I did to circumvent this: triggering 5 different detached processes through "screen" started via shell-script, each process operating on one subnet. Works, but that is quite demanding on the little pi.....
    I still hope there could be a non-disclosed option in fing's config-files, to specify an input list or an input file.

    GaoGao
  • GaoGaoGaoGao Member Posts: 30
    10 Comments First Answer Name Dropper Photogenic
    It is a bit odd that the User's Guide indicate [Network/Host List].
    A very wild suggestion: Not at home this week I have no Linux machine here to try it but I downloaded the Client Dev Kit for Debian and decompressed it. In the config file find.properties I found a parameter "overlook.fing.netdiscovery.network.default =" no default value. 
    Just in case but I very much doubt if may apply   :p
    Anyway good you find a solution.
    If you can't explain it simply, you don't understand it well enough.
  • GiftzwergGiftzwerg Member Posts: 14
    10 Comments 5 Likes Name Dropper First Anniversary
    Yes, that's the line where all my experimentation started. I can set it to my main subnet, where the "data-link" type of discovery starts even without an entry; I could also point it to my vlan subnets, but only to one at at time; I tricked it by scanning the 192.168.0.0/16 BIG subnet (class B) which effectively digs out all my vlan subnets, but also some more mysterious subnets I did not know of before. I suspect they are created by config-logins of some IOT devices. But scanning 256 C-nets when you only need 6 of them is a waste of time. From then on I instantiated the fing engine multiply in different processes, scanning a subnet each on its own. They are dumping their results in the same directory, from whereon I will write sth to evaluate the differences and auto-email myself on new or disappeared devices. Maybe I do it in Python, just for fun, since I am longtime on C# in my job as software developer.
  • GaoGaoGaoGao Member Posts: 30
    10 Comments First Answer Name Dropper Photogenic
    Giftzwerg said:
    [...] But scanning 256 C-nets when you only need 6 of them is a waste of time. From then on I instantiated the fing engine multiply in different processes, scanning a subnet each on its own. They are dumping their results in the same directory, from whereon I will write sth to evaluate the differences and auto-email myself on new or disappeared devices. [...]
    Fing is a good for home users and ok small businesses. But as you are computer savvy and monitoring a multi-segment networks, have a look at NEMS https://nemslinux.com/ it is "the Nagios Enterprise Monitoring Server for Single Board Computers", Raspberry Pi included of course. You may have to invest a bit of your time to configure it but it seems to fits your needs more than Fing.
    For the other readers if you not network and Linux savvy, stay with Fing 
    If you can't explain it simply, you don't understand it well enough.
  • GiftzwergGiftzwerg Member Posts: 14
    10 Comments 5 Likes Name Dropper First Anniversary
    Thanks again for this valuable hint. I did not yet search for alternatives at the level of replacing raspbian. After a brief look at nems, I am very intersted to try this out. For requirements however, nems seems better suited for raspberry 4 series especially for the upcoming future versions nems which will increase in demand on resources. Nice new idea, room for experiments in the next weeks....

  • GiftzwergGiftzwerg Member Posts: 14
    10 Comments 5 Likes Name Dropper First Anniversary
    For anyone who has the same interest and intention of monitoring (preferentially as intrusion-detection and alert) different subnets layer3 which are related to layer2-vlan:
    (A) using fing CLI is possible, despite fing CLI working on only one layer3-subnet: configure a raspi (3B is sufficient) with virtual ethernet interfaces; connect raspi to trunk-port configured on your switch, such that raspi gets all traffic from all different vlans / subnets; use a shell-script to start fing CLI in e.g. 5 (number of all your subnets) different processes, operating on one subnet each; direct the output of inventory reports into a common subdir; evaluate with e.g. a python script, comparing doublets of older / newer inventory reports, and sort out what is new and what has disappeared; send smtp-email of the diff-report to your own e-mail account -> done
    (B) use mems as proposed by GaoGao; but this is resource-heavy (raspi 4 recommended) and does much more than diff-inventories. It is much better for looking into state of services of known devices
    (C) run ntop-ng on one of your notebooks; same as for mems: resource-heavy and far beyond simple diff-inventories, better for monitoring state of services on well-known devices
    For me personally, the above has become obsolete. In combination with firewallA-gold, activating "quarantine" feature monitors all different sub-lans, performing as an intrusion-prevention system. The one sublan with a physical fingBox can additionally (kind of redundant, admitted) activate "block new device", which is (for my lan specifically) triggering and reporting even a little faster than the quarantining action of firewallA gold.


  • AldereteAlderete Member, Beta Tester Posts: 16
    10 Comments 5 Agrees First Anniversary Name Dropper
    ✭✭
    edited January 15
    FWIW, the reason my Fingbox (Kickstarter backer here) is sitting disconnected in storage is because it doesn't handle multiple VLANs. 

    While I get the desire to keep Fing simple, it's solving for a narrow use case. On one side are most folks, who are never going to put Fing to use on their network in any way. It's beyond them, they can barely use their ISP-supplied router, Wi-Fi, and so on.

    Then you make the jump, to people who want to take a more active role in managing their network security. Fing is a great first step on that journey. But once you start on that path, and especially if you've started putting a lot of so-called IoT devices on your network, you inevitably end up wanting to isolate those devices. Once you cross that boundary, you're in new territory, and Fing stops being so useful.

    In my case, that means it's sitting unplugged in a closet.
    britesccoucouRWild
  • coucoucoucou Member Posts: 1
    First Comment Photogenic First Anniversary
    Alderete said:
    FWIW, the reason my Fingbox (Kickstarter backer here) is sitting disconnected in storage is because it doesn't handle multiple VLANs. 

    While I get the desire to keep Fing simple, it's solving for a narrow use case. On one side are most folks, who are never going to put Fing to use on their network in any way. It's beyond them, they can barely use their ISP-supplied router, Wi-Fi, and so on.

    Then you make the jump, to people who want to take a more active role in managing their network security. Fing is a great first step on that journey. But once you start on that path, and especially if you've started putting a lot of so-called IoT devices on your network, you inevitably end up wanting to isolate those devices. Once you cross that boundary, you're in new territory, and Fing stops being so useful.

    In my case, that means it's sitting unplugged in a closet.

    Totally agree with you.
    Fing should simply add the option to scan other subnets in their mobile application interface!
    KYSteve
  • davidwtdavidwt Member Posts: 1
    First Comment
    one entry per line in the file 'scanlist':
    sudo cat scanlist | xargs fing --netdiscover
Sign In or Register to comment.