June 15, 2021

How to discover devices on your network (Mac/Linux)

There are several ways to check what devices are currently logged on to your network (e.g. WiFi at home).

The first option is to use arp, which I have found works the best. There will be some cases where it does not work.

In the following example, I'll assume that your IP address is 192.168.1.xxx.

Using arp and nmap

First, scan your sub-network:

# see you IP address using ifconfig, here it's assumed to be

Second, list devices in your ARP cache:

arp -a

If the output doesn’t look up to date, or if it’s missing an IP you believe should be there, ping the broadcast IP (typically the last result of arp -a ending with “.255”).

# Assuming was the last address in the output from arp -a

Now, run arp -a again.

ARP spoofing

Notice that a malicious user can use arp spoofing to mix up the association between MAC addresses and IP addresses. This can be used for man-in-the-middle attacks.

Other ways

You could also use WireShark or even a third or fourth method, but I will not cover those here.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.