HACKCMU-SECURE: Real time location of all connected devices
Aggregated counts of devices in various locations
Trying to find a less crowded studying spot on campus? Looking for a professor that you want to catch but he never seems to be in? Or simply wondering where the party's at now on campus? Let HACKCMU-SECURE be your bird's eye view to all connected devices on campus!
What it does
HACKCMU-SECURE shows you real-time information on who's where and what's up on campus.
HACKCMU-SECURE exploits the fact that most people on campus are connected to the CMU-SECURE network. By performing a ping sweep, we are able to enumerate all devices currently connected to this network (~4.5k on average), and by performing a reverse subnet lookup on CMU's network registration service with the IPs we are able to reconstruct real-time information on where every device is approximately located at.
How we built it
We performed ping sweeps on the CMU-SECURE network at regular intervals to collect the IP, hostname, and MAC address information of all devices.
We wrote a bash script to curl https://netreg.net.cmu.edu with cookie authentication for all the IPs that we collected from the scan, and then used grep and sed to filter out which subnet the IP belongs to. We then perform an arp-scan to correlate the results, followed by traceroute to confirm that these are all private IPs.
A timestamp is added and the data is served on our React web client.
Challenges we ran into
Devices with firewalls do not respond to ICMP echo requests, and so we have no way of detecting them. These appear to be very common among Windows machines
DHCP lease for a device may be long, so data may not be fully accurate
Took us a while to find out that CMU's subnet mask is 20 bits
NAT interfaces may exist that we are not aware of, thereby under-reporting the number of devices
Accomplishments that we're proud of
Actually getting sleep
Hacking together common tools in unconventional ways (creative usage of CMU's network registration service in particular)
What we learned
How to use nmap without being too aggressive and being blacklisted by Computing Services
What's next for HACKCMU-SECURE
Individualized location tracking?