Updated : 2026-03-29
LAN discovery and network probing module. Scans IP ranges for active hosts, identifies open ports, fingerprints services and operating systems from banners, resolves hostnames and MAC addresses, fetches DHCP lease data from MikroTik gateways, resolves Proxmox VM/container names, and optionally registers discovered hosts in def_host via ObjHost.
All scanning is concurrent (ThreadPoolExecutor). A full /24 subnet scan completes in seconds.
Two classes:
Both inherit from ObjData.
Probes individual hosts for connectivity, open ports, and service identification.
| Method | Description |
|---|---|
get_ip_address() |
Local IP via ObjInet (DB-backed) |
get_host_ip_address(host) |
Resolve hostname via ObjInet with GeoIP lookup |
resolve_ip(host) |
Lightweight DNS resolution (no DB, thread-safe) |
get_local_ip() |
Local IP via UDP socket trick (no DB, thread-safe) |
get_local_interfaces() |
Enumerate all NICs with IP, MAC, interface name, and description |
| Method | Description |
|---|---|
get_dhcp_leases(gateway, username, password) |
Fetch leases from gateway; MikroTik REST API first, then local dhclient files |
The MikroTik REST API path is /rest/ip/dhcp-server/lease. Uses HTTP for LAN gateways (10.x, 192.168.x, 172.x), HTTPS otherwise. Returns lease type (static/dynamic), hostname, MAC, expiry, status, server, and comment.
Fallback parses /var/lib/dhcp/dhclient.leases, /var/lib/dhclient/dhclient.leases, and files under /var/lib/NetworkManager/.
| Method | Description |
|---|---|
arp_discover(interface) |
Discover LAN hosts via ip neigh; falls back to arp -a |
resolve_hostname(ip) |
Reverse-DNS lookup |
resolve_mac(ip) |
MAC lookup from ARP/neighbour table |
| Method | Description |
|---|---|
get_machine_ports(target_ip, max_workers) |
Concurrent TCP scan of ports 20-1024 using ThreadPoolExecutor |
probe_port(port, socket_type, name) |
Probe a single port: connect, read banner, fingerprint |
open_connection(port, connection_type) |
Open a TCP/UDP socket to the target host |
read_banner(connect, port) |
Read banner; sends HEAD for HTTP ports, probe string otherwise |
fingerprint_banner(banner, port) identifies services from two sources:
Banner patterns (SERVICE_FINGERPRINTS in InternetConstants): Regex patterns matched against banner text. Detects OpenSSH (Ubuntu/Debian/generic), Dropbear, MariaDB, MySQL, PostgreSQL, IIS, nginx, Apache, MSSQL, Redis, Mosquitto, RabbitMQ, MongoDB, InfluxDB, Proxmox VE. Extracts version numbers where available.
Port hints (PORT_HINTS in InternetConstants): Fallback identification by port number when no banner match. Covers 20+ common ports.
| Method | Description |
|---|---|
ping_machine(host) |
4-packet ICMP ping, returns (reachable, response_times) |
ping_fast(host) |
Single-packet ping with 1s timeout for quick reachability check |
probe(host, services, name, context, lightweight) performs a complete probe:
Set lightweight=True to skip DB-backed resolution -- required for threaded use.
probe_concurrent(hosts, services, max_workers) probes multiple hosts in parallel. Each thread creates its own lightweight Netprobe instance (no DB). After all threads complete, results are persisted to the monitor DB from the main thread via _persist_scan_results().
{
"host": "10.0.10.5",
"hostip": "10.0.10.5",
"ping": True,
"response_times": [0.5, 0.4, 0.6, 0.5],
"hostname": "db-server.local",
"mac": "aa:bb:cc:dd:ee:05",
"os_hint": "Linux/Ubuntu",
"services": "SSH, MySQL",
"ports_open": [22, 3306],
"status": [
{
"port": 22,
"port_status": "OPEN",
"banner": "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4",
"fingerprint": {
"service": "OpenSSH",
"os_hint": "Linux/Ubuntu",
"version": "8.2p1",
},
},
],
}
Orchestrates scanning across IP ranges with DB persistence and host registration.
| Method | Description |
|---|---|
scan(prefix, start, end) |
Concurrent scan of an IP range; returns probe results for reachable hosts |
scan_devices(prefix, start, end) |
Same as scan with defaults targeting .60-.69 (network devices) |
check_status(host) |
Check host status from previously recorded port data in DB |
discover(prefix, start, end, register_hosts, gateway, gateway_user, gateway_pass) performs full LAN discovery:
config.yaml gateway section.ip neigh / arp -ascan()vm_type, vm_id, vm_node, vm_status fields.register_hosts=True, create new def_host entries; otherwise update existing entries matched by IP{
"scan_from": "10.0.10.100",
"prefix": "10.0.10.",
"range": "1-254",
"hosts_found": 12,
"arp_found": 15,
"dhcp_leases": 8,
"hosts": [ ... ],
}
All tables are created in the monitor database (MonitorConstants.MONITOR_DB). Schema is auto-created on first use via _ensure_lan_table().
| Table | Primary Key | Purpose |
|---|---|---|
internet_lan |
MacAddress | LAN host record keyed by MAC |
internet_lan_ip |
Ip | LAN host record keyed by IP (for hosts without MAC) |
internet_lan_history |
Id (auto) | Change log: tracks field-level changes between scans |
internet_security_finding |
FindingId (auto) | Security findings with severity and category |
internet_service |
(Host, ServiceName) | Running services per host |
internet_service_history |
Id (auto) | Service status change log |
internet_session |
(Host, User, Terminal) | Active login sessions per host |
internet_package_change |
Id (auto) | OS package install/upgrade/remove log |
internet_sensor |
(Host, SensorName) | Hardware sensor readings (temp, fan, etc.) |
internet_throughput |
(Host, Interface) | Network interface byte/packet counters |
internet_HostPort |
(defined in YAML) | Port scan results (used by Netprobe._persist_scan_results) |
_detect_and_log_changes() compares new scan data against the existing record (by MAC first, then IP). Tracked fields: Hostname, OsHint, Services, OpenPorts, DhcpType, DhcpStatus, DhcpComment, ArpState, Active. Changes are logged to internet_lan_history with old/new values and timestamp.
Two modes controlled by register_hosts parameter in discover():
_register_discovered() creates new entries in def_host via ObjHost.register(), then syncs scan data to all matching entries by IP._sync_existing_hosts() updates only existing def_host entries matched by IP or hostname. Updates Services, Os, and LastSeen columns. Does not overwrite Package ownership.The _sync_to_def_host() method matches on both Ip and InternalIp columns, so multi-NIC hosts with different public and internal IPs are covered.
Concurrent scanning uses a collect-then-persist pattern:
Netprobe(0) instances with no DB connection. They perform network I/O only (ping, port scan, banner read).This avoids DB connection sharing across threads.
| Command | Description |
|---|---|
direct <host> |
Probe a single host with rich table output |
probe-all |
Clear the open ports log |
scan |
Scan an IP range (default 10.0.10.1-25) |
arp |
Show ARP/neighbour table discovery |
discover |
Full LAN discovery with ARP + DHCP + scan + fingerprinting |
# Probe a single host
python ObjInternet.py direct 10.0.10.5
# Quick ARP discovery
python ObjInternet.py arp
# Scan default range (10.0.10.1-25)
python ObjInternet.py scan
# Scan custom range
python ObjInternet.py scan --prefix 10.0.10. --start 1 --end 50
# Full LAN discovery
python ObjInternet.py discover --prefix 10.0.10. \
--start 1 --end 254
# Discover with DHCP from MikroTik gateway
python ObjInternet.py discover --gateway 10.0.10.1 \
--gateway-user admin --gateway-pass secret
# Discover and register in def_host
python ObjInternet.py discover --register
| Constant | Default | Description |
|---|---|---|
DEFAULT_SCAN_WORKERS |
20 | Thread pool size for multi-host scanning |
DEFAULT_PORT_WORKERS |
50 | Thread pool size for port scanning per host |
DEFAULT_SCAN_TIMEOUT |
2 | Default socket timeout in seconds |
HTTP_PORTS |
(set) | Ports treated as HTTP for banner detection |
SERVICE_FINGERPRINTS |
(list) | Regex patterns for banner matching |
PORT_HINTS |
(dict) | Port-to-service fallback mapping |
| Section | Key | Description |
|---|---|---|
gateway |
host |
Default gateway IP for DHCP lease lookup |
gateway |
user |
Gateway API username |
gateway |
pass |
Gateway API password |
proxmox |
user |
Proxmox API username |
proxmox |
pass |
Proxmox API password |
SQL queries for DB operations: insert_host_port, update_port_status_open, update_port_status_closed, clear_open_ports_log, check_host_status, get_lan_host_by_mac, get_lan_host_by_ip, insert_lan_history, upsert_lan_host, upsert_lan_ip.
| Module | Usage |
|---|---|
ObjData |
Base class for both Netprobe and ObjInternet |
ObjInet |
IP resolution and GeoIP lookup |
ObjHost |
Host registration in def_host |
ObjConstants |
InternetConstants and MonitorConstants |
proxmoxer |
Optional: Proxmox API for VM name resolution |
rich |
CLI table output |
ObjHost.py -- unified host registryObjInet.py -- IP/domain intelligence and GeoIPObjMonitor.py -- calls Netprobe.probe() via collect_ports()ObjSecurityAudit.py -- security scanning (uses findings table)ObjConstants.py -- InternetConstants definitioncythonize -3 -a -i ObjInternet.py
Updated : 2026-03-29