Skip to content

Commit

Permalink
Suggestion for alternative Scan
Browse files Browse the repository at this point in the history 
On larger Network the default arp-scan is to slow
  • Loading branch information
@leiweibau
leiweibau committed Jun 13, 2022
1 parent e1982b1 commit feb3eab
Showing 1 changed file with 8 additions and 1 deletion.
9 changes: 8 additions & 1 deletion back/pialert.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -449,8 +449,15 @@ def execute_arpscan (pRetries):
# #101 - arp-scan subnet configuration
# Prepare command arguments
subnets = SCAN_SUBNETS.strip().split()
arpscan_args = ['sudo', 'arp-scan', '--ignoredups', '--bandwidth=512k', '--retry=1'] + subnets

# arp-scan for larger Networks like /16
# otherwise the system starts multiple processes. the 15min cronjob isn't necessary.
# the scan is about 4min on a /16 network
arpscan_args = ['sudo', 'arp-scan', '--ignoredups', '--bandwidth=512k', '--retry=3', SCAN_SUBNETS]

# Default arp-scan
# arpscan_args = ['sudo', 'arp-scan', SCAN_SUBNETS, '--ignoredups', '--retry=' + str(pRetries)]

# print (arpscan_args)

# TESTING - Fast Scan
Expand Down

6 comments on commit feb3eab

@whitershadeofpale
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it enough to double the bandwidth to avoid multiple simultaneous scans?
I suspect it always starts two processes even on small networks, one with sudo, the other without.

@leiweibau
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the main project, there is a scan every 5 min and every 15 min.
With a large network, the 5 min scan slowly builds up. In addition, there is a more intensive scan every 15 minutes, which is also not completed within the following 15 minutes. These then also build up. For this reason, I increased the bandwidth and made the retries static.

@whitershadeofpale
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much for the explanations. By "more intensive scan", you mean --retries=9, i suppose. In my current situation, I have disabled the 5 min and 15 min scans via cronjobs, and added a 3-hour scan with --retries=1 (static). But still this happens 60 times, for each minute, which means ARP traffic continues for an hour. I cannot disable retries. 60 retries still continues, even with --retries=1 parameter. OK, I understand increasing the bandwidth to make it shorter, but how can I get rid of retries?

@whitershadeofpale
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK, I solved. My mistake, in pialert.py file.
Thank you very much for your help. I will upgrade my installation as soon as I have time.

@leiweibau
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need the retries because not every device responds to the first ARP request. You can only control when a scan takes place via the cronjob.

With "more intensive" I mean the partial dynamic increase up to 16 retries, if I remember the value correctly.

I have disabled the 5 min and 15 min scans via cronjobs, and added a 3-hour scan

Then you may have made a mistake here.

I have also experienced that older WLAN devices can get problems if you flood the network with never ending ARP requests.

@whitershadeofpale
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have followed your instructions and migrated from pucherot's Pi.Alert to you fork, 2 weeks ago. Better performance and features. Last week after apt upgrade, scans stopped with errors. I saw that you have an upgrade and I upgraded. Now everything works fine. Thanks for your efforts.

Please sign in to comment.