I found a great script created by excession in a thread here: viewtopic.php?t=211539. Script works great in ROS 7 & only supported in ROS 7 as stated by the op. Looking for something similar to obtain the vendor names.
The majority of Mikrotik's are mostly running 6.45.9 and some on 6.49.10. Does anyone know how, in ROS 6.45.x or above, to have the script below reach out & get the vendor info? The MAC address is defined as $mac in the script below.
Update: Changed the script as it failed or skipped over duplicate macs. It clears the arp table, ip-scan the range, get macs, ip addresses, bridge host interface & ether name comments. Do a mac lookup for each item. Output is shown in cli & also saved to a file (identity_IP-Scan_interface_date-time.txt). A bridge must exist. The script will request a value, user inputs the ip range of the printed available networks (ip --> addresses), 192.168.88.1/24 as example, the script will find the interface & run with it.
Update2: Updated to follow IEEE standards for OUI lookup. Replaced date/time conversion with rextended's version (works properly in all ROS versions). Removed some items needed for personal needs/use.
Update3: Put back the date command that was missing for the title. Added arp cleanup suggested by wfburton.
Update4: Added to validate that a bridge interface does exist in bridge hosts (/interface bridge host) prior to running.
Thank you to excession for providing the code to make the mac lookup work.
Thank you rextended for your input, suggestions and scripts.
Thank you to all the forum guru's & users having this info available searching throughout the forum, and providing assistance when stumped.
# disclaimer: novice attempt for this to work in ros 6.45.9 & above.
Code: Select all
:local version "IP-Scanner_v2.3.4"
:local note "Compatible with RouterOS versions 6.45.9 & above"
:local scanTime "30"
:local date [/system clock get date]
:local name [/system identity get name]
:put ""
:put "### $version"
:put "### $note"
{
# Convert date and time for the file name, needed for ROS version 6
:local simplercurrdatetimestr do={
/system clock
:local vdate [get date]
:local vtime [get time]
:local vdoff [:toarray "0,4,5,7,8,10"]
:local MM [:pick $vdate ($vdoff->2) ($vdoff->3)]
:local M [:tonum $MM]
:if ($vdate ~ ".../../....") do={
:set vdoff [:toarray "7,11,1,3,4,6"]
:set M ([:find "xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC" [:pick $vdate ($vdoff->2) ($vdoff->3)] -1] / 2)
:if ($M>12) do={:set M ($M - 12)}
:set MM [:pick (100 + $M) 1 3]
}
:local yyyy [:pick $vdate ($vdoff->0) ($vdoff->1)]
:local dd [:pick $vdate ($vdoff->4) ($vdoff->5)]
:local HH [:pick $vtime 0 2]
:local mm [:pick $vtime 3 5]
:local ss [:pick $vtime 6 8]
:return "$MM-$dd-$yyyy_$HH.$mm.$ss"
}
:local dateTime [$simplercurrdatetimestr]
# Gather network address from user & find the interface
:put ""
:put "### Listing available address-list"
:put ""
/ip address print
:put ""
:local requestvalue do={:put $1 ; :return}
:local scanRange [$requestvalue "Enter the address of the interface to scan. Hint: not an ether# -- Example: 192.168.88.1/24"]
:put ""
:local scanBridge [/ip address get [find where address="$scanRange"] interface]
:local scanInterface [/interface bridge host get [find interface=$"scanBridge"] bridge]
:put "### Found bridge: $scanInterface"
:local fileName "$name_IP-Scan_$scanInterface_$dateTime"
/file remove [find where name=$"fileName".txt]
:delay 2s
# Clear the arp table
:put "### Clearing the arp table"
:local dumplist [/ip arp find]
:foreach i in=$dumplist do={
/ip arp remove $i
}
# Scan the range, get macs, ip addresses, bridge host interface & ether name comments. Do a mac lookup for each item
:local ipScan ""
:local buffer1 ""
:local vendor
:local arpCount 0
:delay 2s
:put "### Scanning $scanRange for $scanTime seconds. Standby..."
:put ""
:delay 2s
:set $ipScan ($ipScan.[/tool ip-scan address-range="$scanRange" duration=$scanTime])
:put "### Looking up OUI vendor info. Standby...\r\n"
/ip arp
:foreach item in=[find interface=$"scanInterface"] do={
:local mac [get $item mac-address]
:local arpIP [get $item address]
:local ipScanip "$ipScan$[get $item address]"
:local ipScanmac "$ipScan$[get $item mac-address]"
:if ([:len $mac] > 0) do={
:do {
:local int [/interface bridge host get [find where mac-address=$ipScanmac] interface]
:local comment [/interface ethernet get [find where name=$int] comment]
:local secBit [:pick "$ipScanmac" 1 2 ]
:if ( ($secBit = "2") or ($secBit = "6") or ($secBit = "A") or ($secBit = "E") ) do={
:set vendor "* LOCAL PRIVATE *"} else={
:local vendorResult [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $ipScanmac 0 8]."/company/name") as-value output=user]
:if (($vendorResult->"status")="finished") do={:set vendor ($vendorResult->"data")}
:delay 0.5}
:if ($vendor = "IEEE Registration Authority") do={
:local vendorResult2 [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $ipScanmac 0 10]."/company/name") as-value output=user]
:if (($vendorResult2->"status")="finished") do={:set vendor ($vendorResult2->"data")}
:delay 0.5}
:if ($vendor = "IEEE Registration Authority") do={
:local vendorResult3 [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $ipScanmac 0 13]."/company/name") as-value output=user]
:if (($vendorResult3->"status")="finished") do={:set vendor ($vendorResult3->"data")}
:delay 0.5}
:set $buffer1 ($buffer1."IP: $ipScanip | MAC: $ipScanmac | Interface: $int | Comment: $comment | MLU: $vendor\r\n")
:set arpCount ($arpCount + 1)
} on-error={};
}}
# Grab bridge-host items
:local brHost1 ""
:local brVendor ""
:local brCount 0
/interface bridge host
:foreach brItem in=[find bridge="$scanInterface" local=no] do={
:do {
:local brMac [get $brItem mac-address]
:local brInt [get $brItem interface]
:local secBit2 [:pick "$brMac" 1 2 ]
:if ( ($secBit2 = "2") or ($secBit2 = "6") or ($secBit2 = "A") or ($secBit2 = "E") ) do={
:set brVendor "* LOCAL PRIVATE *"} else={
:local brVendorResult [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $brMac 0 8]."/company/name") as-value output=user]
:if (($brVendorResult->"status")="finished") do={:set brVendor ($brVendorResult->"data")}
:delay 0.5}
:if ($brVendor = "IEEE Registration Authority") do={
:local brVendorResult2 [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $ipScanmac 0 10]."/company/name") as-value output=user]
:if (($brVendorResult2->"status")="finished") do={:set brVendor ($brVendorResult2->"data")}
:delay 0.5}
:if ($brVendor = "IEEE Registration Authority") do={
:local brVendorResult3 [/tool fetch url=("https://api.maclookup.app/v2/macs/".[:pick $ipScanmac 0 13]."/company/name") as-value output=user]
:if (($brVendorResult3->"status")="finished") do={:set brVendor ($brVendorResult3->"data")}
:delay 0.5}
:set $brHost1 ($brHost1."MAC: $brMac | Interface: $brInt | MLU: $brVendor\r\n")
:set brCount ($brCount + 1)
} on-error={:put "error - duplicate MAC detected"};}
# ARP Clean-up
/ip arp remove [find where !complete]
# Messages
:local title "Identity: $name | Scanned Bridge: $scanInterface | Scanned Range: $scanRange | Date: $date | Version: $version\r\n"
:local detected "### Total devices with an address detected on '$scanInterface': $arpCount"
:local dump "### Below is a dump of the data collected from '$scanInterface' & IP range '$scanRange'. If there are duplicate MAC addresses, they will NOT be listed in the Bridge-Host dump\r\n"
:local brCountNote "### Total items found in bridge-host for '$scanInterface': $brCount"
# List the results
:put "$detected"
:put "$buffer1"
:delay 1s
:put "$dump"
:put "$brCountNote"
:put "$brHost1"
# Put the results in a file
:put "### Writing to file"
/file print file=$fileName
:delay 1s
:execute [/file set $fileName contents="$title\r\n$detected\r\n$buffer1\r\n$dump\r\n$brCountNote\r\n$brHost1"]
# Instructions
:put "### The file: '$fileName' is located in 'Files' (left sidebar menu)"
:put "### To download the file locally, right click on the file & select download"
:put "### Be sure to delete the file from this device once it's downloaded locally"
:put ""
}
Here's a screenshot of the output