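#!/bin/bash
# Network Monitoring Script
# Monitors for suspicious activity: the number of resolved neighbour-table
# entries, listening TCP/UDP sockets on a watch-list of ports, and whether a
# known-compromised host still has a DROP/REJECT rule in iptables.
# Each check result is printed to stdout and appended to a timestamped log
# file created in the current working directory.
#
# Environment (all optional):
#   BLOCKED_IP        address expected to be blocked (default: 192.168.50.81)
#   SUSPICIOUS_PORTS  ERE alternation of ports to flag (default: list below)
#   CHECK_INTERVAL    seconds between checks (default: 300)
#
# Reading iptables needs root or non-interactive sudo; the other checks run
# unprivileged. `set -e` is deliberately not used: grep returns non-zero on
# "no match", which is a normal result here, so statuses are handled explicitly.

set -u

readonly LOG_FILE="network_monitor_$(date +%Y%m%d_%H%M%S).log"
readonly BLOCKED_IP="${BLOCKED_IP:-192.168.50.81}"
readonly SUSPICIOUS_PORTS="${SUSPICIOUS_PORTS:-25|1433|3306|5432|27017|6379|8080|8443|4444|31337}"
readonly CHECK_INTERVAL="${CHECK_INTERVAL:-300}"

#######################################
# Print a line to stdout and append it to LOG_FILE.
# Globals:   LOG_FILE (read)
# Arguments: message words
#######################################
log() {
  printf '%s\n' "$*" | tee -a -- "$LOG_FILE"
}

#######################################
# Count IPv4 neighbour entries with a resolved hardware address.
# Prefers `ip neigh` (iproute2); falls back to `arp -n` (net-tools), whose
# header line is skipped so it is not counted as a device (the original
# `arp -n | grep -v incomplete | wc -l` was off by one because of it).
# Outputs:   the count, or "n/a" if neither tool is installed
#######################################
count_active_devices() {
  if command -v ip >/dev/null 2>&1; then
    ip -4 neigh 2>/dev/null | grep -Ev 'FAILED|INCOMPLETE' | wc -l
  elif command -v arp >/dev/null 2>&1; then
    arp -n 2>/dev/null | awk 'NR > 1 && !/incomplete/' | wc -l
  else
    printf '%s\n' 'n/a'
  fi
}

#######################################
# Count listening TCP/UDP sockets whose local port is on SUSPICIOUS_PORTS.
# The pattern is anchored after the port so ":2500" no longer matches "25".
# Note these are listening sockets, not established connections.
# Uses `ss` when present; `netstat -tuln` (net-tools) otherwise.
# Globals:   SUSPICIOUS_PORTS (read)
# Outputs:   the count (0 when nothing matches)
#######################################
count_suspicious_listeners() {
  local listeners
  if command -v ss >/dev/null 2>&1; then
    listeners=$(ss -Htuln 2>/dev/null)
  else
    listeners=$(netstat -tuln 2>/dev/null)
  fi
  printf '%s\n' "$listeners" | grep -Ec ":(${SUSPICIOUS_PORTS})([[:space:]]|$)"
}

#######################################
# Check whether BLOCKED_IP still has a DROP or REJECT rule in the filter
# table. A rule that merely mentions the address (e.g. an ACCEPT) does not
# count as blocked; the address is matched as a fixed string so the dots
# are not regex wildcards. sudo is run with -n so an unattended loop can
# never hang on a password prompt.
# Globals:   BLOCKED_IP (read), EUID (read)
# Returns:   0 if blocked, 1 if not blocked, 2 if the rules could not be read
#######################################
blocked_ip_status() {
  local rules
  local -a iptables_cmd=(iptables -L -n)
  (( EUID == 0 )) || iptables_cmd=(sudo -n "${iptables_cmd[@]}")
  if ! rules=$("${iptables_cmd[@]}" 2>/dev/null); then
    return 2
  fi
  printf '%s\n' "$rules" | grep -F -- "$BLOCKED_IP" | grep -qE '^(DROP|REJECT)'
}

#######################################
# Run the monitoring loop until interrupted (SIGINT/SIGTERM log a stop line).
# Globals:   LOG_FILE, CHECK_INTERVAL (read)
#######################################
main() {
  local devices suspicious rc

  printf '%s\n' "Starting network monitoring..." | tee -- "$LOG_FILE"
  trap 'log "Stopping network monitoring."; exit 0' INT TERM

  while true; do
    log "[$(date)] Checking network..."

    devices=$(count_active_devices)
    log "Active devices: $devices"

    suspicious=$(count_suspicious_listeners)
    if (( suspicious > 0 )); then
      log "⚠️ Suspicious connections detected: $suspicious"
    fi

    blocked_ip_status
    rc=$?
    if (( rc == 1 )); then
      log "🚨 WARNING: Compromised device is no longer blocked!"
    elif (( rc == 2 )); then
      log "WARNING: could not read iptables rules (root or non-interactive sudo required)"
    fi

    sleep "$CHECK_INTERVAL"  # default: check every 5 minutes
  done
}

main "$@"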