Monitor login attempts on your home WiFi

Coming and Going

Listing 4 then stores all the discovered MAC addresses in the persistent hash, %leases and maps them to the matching IP addresses and device names. It thus knows which devices existed on the previous run, and which have just been added since then. Line 27 then adds the new entries to the hash's persistent memory, and line 28 fires off the events defined in lines 42-57 with notify().

A similar script branch handles devices that existed in the previous run and which thus exist in %leases but are now missing in the current run. The volatile %found hash stores these. If a discrepancy is discovered, line 34 then sends a message stating that the device has disappeared.

The notify() function basically looks like the test script introduced in Listing 2. It uses the Prowl API key stored in $API_KEY at the start of the script and only adds the application name, the event type (joined or left), and the description, while it leaves the URL field empty.

Because my low-budget hosting service does not allow root access, I installed the CPAN modules required by the script locally in the home directory below perl5; cpanm does this automatically if it notices that it cannot manipulate /usr/lib because it is lacking the necessary permissions. But for the script to find the modules installed there, line 3 in Listing 4 needs to add this path explicitly using use lib.

No Invasion – Yet

It was very reassuring to see that the script only discovered known devices on my WiFi during the beta testing phase, but at least now I am perfectly prepared for a full-scale over-the-air attack. Another thing I noticed is that some devices suddenly connect to the WiFi network in the middle of the night, even though they are switched off and lying somewhere in the corner of the room, one example being my Kindle Paperwhite ebook reader, most likely checking for available software updates.

It would be fairly easy to improve the script to know which MAC address belonged to which device, which you could easily handle using a hash in lease-notify. The text messages would then use device names designed to reflect the situation on the home network, which would make them much easier to understand when received.


I thank my co-worker Tristan Horn, whose idea it was to display devices joining and leaving the home network on a phone, and he also wrote an application for this purpose that integrates the whole enchilada in a far more professional UniFi system [3].

Mike Schilli

Mike Schilli works as a software engineer in the San Francisco Bay Area. He can be contacted at Mike's homepage can be found at


  1. Listings for this article:
  2. Prowl:
  3. Connecting push notifications with a UniFi system:\

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95