How to discover devices on your network (Mac/Linux)

There are several ways to check which devices are currently connected to your network (e.g. your home WiFi).

The first option is to use arp, which I have found works the best. There will be some cases where it does not work.

In the following example, I’ll assume that your IP address is 192.168.1.xxx.

Using nmap

Scan the network and try to guess each host's OS (OS detection needs -O; --osscan-guess only makes the guess more aggressive):

sudo nmap -O --osscan-guess 192.168.1.0/24

Using arp and nmap

First, scan your sub-network:

# see your IP address using ifconfig; here the network is assumed to be 192.168.1.0/24
nmap 192.168.1.0/24

Second, list devices in your ARP cache:

arp -a

If the output doesn’t look up to date, or if it’s missing an IP you believe should be there, ping the broadcast IP (typically the last result of arp -a ending with “.255”).

# Assuming 192.168.1.255 is the broadcast address listed by arp -a
# (on Linux, use ping -b to send to a broadcast address)
ping -c 3 192.168.1.255

Now, run arp -a again.

ARP spoofing

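Note that a malicious user can use ARP spoofing to falsify the association between MAC addresses and IP addresses. This can be used for man-in-the-middle attacks. ARP replies are not authenticated, so the output of arp -a only reflects the replies your machine last received.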
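One way to check an arp -a listing for the pattern ARP spoofing tends to leave behind, the same MAC address answering for several IPs. This is an added example, not part of the original post; the sample output is constructed and the function names are illustrative.

```python
import re
from collections import defaultdict

# Matches macOS ("? (ip) at mac on en0 ...") and Linux net-tools
# ("host (ip) at mac [ether] on eth0") lines; "(incomplete)" entries do not match.
ARP_LINE = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5})\b"
)

# Constructed sample output (not captured from a real network).
SAMPLE = """\
? (192.168.1.1) at 0:1c:b3:9:85:15 on en0 ifscope [ethernet]
? (192.168.1.23) at a4:83:e7:12:34:56 on en0 ifscope [ethernet]
? (192.168.1.42) at 00:1c:b3:09:85:15 on en0 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (239.255.255.250) at 1:0:5e:7f:ff:fa on en0 ifscope permanent [ethernet]
"""

def normalize_mac(mac):
    """macOS prints octets without leading zeros; pad so 0:1c == 00:1c."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_arp(text):
    """Return (ip, mac) pairs for resolved unicast entries."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue
        mac = normalize_mac(m.group(2))
        if int(mac[:2], 16) & 1:  # group bit set: broadcast or multicast
            continue
        entries.append((m.group(1), mac))
    return entries

def shared_macs(entries):
    """Map each MAC that answers for more than one IP to its sorted IP list."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    for mac, ips in shared_macs(parse_arp(SAMPLE)).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```

A shared MAC is a reason to look closer, not proof of spoofing: a host with several addresses or a router doing proxy ARP produces the same pattern. An entry that pairs your gateway's IP with another device's MAC deserves the most attention.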

Other ways

You could also use Wireshark or other methods, but I will not cover those here.
