There are several ways to check what devices are currently logged on to your network (e.g. WiFi at home).
The first option is to use arp
, which I have found works the best. There will be some cases where it does not work.
In the following example, I’ll assume that your IP address is 192.168.1.xxx
.
Using nmap
Scan network and try to guess OS:
sudo nmap -sP 192.168.0.0/24 --osscan-guess
Using arp and nmap
First, scan your sub-network:
# see you IP address using ifconfig, here it's assumed to be 192.168.1.0
nmap 192.168.1.0/24
Second, list devices in your ARP cache:
arp -a
If the output doesn’t look up to date, or if it’s missing an IP you believe should be there, ping the broadcast IP (typically the last result of arp -a ending with “.255”).
# Assuming 239.255.255.250 was the last address in the output from arp -a
ping 239.255.255.250
Now, run arp -a
again.
ARP spoofing
Notice that a malicious user can use arp spoofing to mix up the association between MAC addresses and IP addresses. This can be used for man-in-the-middle attacks.
Other ways
You could also use WireShark or even a third or fourth method, but I will not cover those here.
Leave a Reply
You must be logged in to post a comment.