I too like this idea and was thinking of suggesting the same suggestion. An email that alerted the admin to an high level of top talkers would be a great feature to pinpoint a client that may have a issue/malware.
As for this, it can be scripted and I also thought about it but my network does not accept guest devices unless I allow it and at that point, i decided not to pursue the implementation due to the amount of work needed to script this, versus actual benefit.
Here's something I created a week ago to solve this:
Firstly, dnsmasq needs to be configured to call a script every time DHCP actions a request (and it of course needs to be your DHCP server): echo "dhcp-script=/path/to/location/lease.sh" | sudo tee "/etc/dnsmasq.d/leasescript.conf"
Then, you can use something like this as your script:
#!/usr/bin/env bash
# Lease.sh: Provide notification when dnsmasq issues new lease
# by WaLLy3K 09APR18
type="${1:-}"; mac="${2:-}"; ip="${3:-}"; hostname="${4:-}"
# DHCP range is 10.0.0.20 to 10.0.0.30; assume any IP > 20 is not static
if [[ "$type" == "add" ]] && [[ "${ip##*.}" -ge 20 ]]; then
# Your commands go here
logger -st "DHCP @ $HOSTNAME" "Leased ${hostname:-a device} $ip ($mac)"
fi
Like @ramset, I use Pushover to send notifications to my device and is definitely a service I'm fond of!