Mastering Your Local Network with NetAlertX: Say Goodbye to Wi-Fi ‘Leechers’ and IP Conflicts

Network tutorial - IT technology blog
Network tutorial - IT technology blog

Is Your LAN Truly Secure?

If you’re managing a network for an office of about 50 people or a homelab setup, you’ve likely been frustrated by random, unexpected issues. I once dealt with an employee who took it upon themselves to plug an old router into a LAN port to create their own Wi-Fi. The resulting DHCP conflict brought down the entire office network. Even more concerning are those mysterious devices appearing in your IP list without a clear origin.

In the past, I used to run nmap scans manually. However, this is quite reactive since you can’t be typing commands all day. NetAlertX (a powerful fork of Pi.Alert) is the lifesaver. It acts as a lean monitoring system, automatically scanning and firing notifications straight to your phone whenever a “stranger” connects to your Wi-Fi or wired network.

NetAlertX does more than just scan IPs. It helps you identify devices, track connection history, and centrally manage your LAN infrastructure without being a resource hog. In practice, this container only consumes about 100-150MB of RAM, making it perfect for older Raspberry Pi models.

Setting Up NetAlertX with Docker Compose

For maximum stability, you should deploy it via Docker on a Linux server or NAS. This makes managing data and future updates a single-command task.

Below is an optimized docker-compose.yml file. Note: You must use network_mode: host. Without this line, the container will be isolated and unable to scan the physical network’s ARP table.

version: "3"
services:
  netalertx:
    container_name: netalertx
    image: jorgeneve/netalertx:latest
    network_mode: host
    restart: unless-stopped
    volumes:
      - ./config:/app/config
      - ./db:/app/db
      - ./logs:/app/logs
    environment:
      - TZ=Asia/Ho_Chi_Minh
      - PUID=1000
      - PGID=1000
      - PORT=20211

After saving the file, activate the system with the following command:

docker-compose up -d

Wait about 30 seconds for the system to start. You can now access the management interface at: http://YOUR-SERVER-IP:20211.

Configuration: Don’t Miss a Single Device

During your first login, don’t just keep clicking “Next.” Focus on these settings to ensure NetAlertX’s “all-seeing eye” works correctly.

1. Set Up the Scan Range

NetAlertX usually auto-detects the IP range, but if you’re using VLANs, go to Settings > Scanners. In the ARP-scan section, enter your specific network range, e.g., 192.168.1.0/24.

Practical experience shows you should enable ICMP (Ping) and Nmap side-by-side. ARP-scan is extremely fast (taking about 5-10 seconds for 254 IPs) but can be easily blocked by security-conscious devices. In such cases, Nmap serves as a backup to detect more stealthy devices.

2. Cleaning Up Your Inventory

After the first scan, your list will be filled with “Unknown” devices. You should spend about 15 minutes standardizing your data:

  • Give them recognizable names like “Accounting-Laptop-01” or “Main-Lobby-Camera”.
  • Assign icons for easy visual identification.
  • Mark trusted devices as “Known”. Any new device appearing later will be treated as an intruder and trigger an immediate alarm.

3. Get Instant Telegram Alerts

This is NetAlertX’s “killer feature.” Instead of constantly checking the web UI, you’ll get a message the moment something happens. The setup process is simple:

  1. Create a Bot via @BotFather on Telegram to get your API Token.
  2. Get your personal Chat ID from @userinfobot.
  3. In the NetAlertX interface, go to Settings > Notifications > Telegram.
  4. Enter the information and click Test to verify the connection.

From now on, as soon as someone “leeches” your Wi-Fi, your phone will buzz instantly.

Practical Troubleshooting Tips

Handling MAC Randomization

Modern smartphones often automatically change their MAC addresses (Private Wi-Fi Address) for privacy. This causes NetAlertX to misidentify them as new devices repeatedly. To fix this, go to the Wi-Fi settings on your phone and disable the “Private Wi-Fi Address” option for this specific local network.

Increasing Scan Frequency for Sensitive Areas

For server rooms, you can reduce the SCAN_INTERVAL to 1-2 minutes. However, don’t apply this to a large network range. Scanning too frequently creates noise and unnecessarily increases the server’s CPU load.

Integration with Pi-hole or AdGuard Home

NetAlertX can read logs from Pi-hole to identify exactly which devices are visiting which websites. This combination turns your system into a powerful monitoring hub, comparable to expensive firewall solutions from Cisco or Fortinet.

Daily Operation and Testing

To test it, try changing your personal computer’s MAC address and reconnecting to the network. If Telegram reports the correct manufacturer (Vendor) and IP, the system is working perfectly.

Every week, I spend 5 minutes checking the Presence Chart. This graph helps identify “flapping” devices that frequently disconnect. Notably, if you see an IP Camera transmitting data continuously at 2 AM, it’s an anomaly you should investigate immediately.

Controlling your internal network isn’t difficult if you have the right visibility tools. NetAlertX is the missing piece that helps you truly master what’s happening behind the cables and Wi-Fi signals in your home.

Share: