Hi guys, i would like to detect device information on the local network (wifi). I tried arp command on osx / windows, but it was not fast enough and some of the mac addresses were missing or were present even though they left the network. Is there any solution to test if a certain mac address is on the network? I would like to log the time and mac address whenever a device joins or leaves the network.
If you know the MAC, arping would be a good command.
The device that knows best is the router that manages the Wifi network. So, you could see if you could ask the router for that information, and then ping the devices regularly to see if they’re responding. ARP uses caching, IIRC, so that’s not working to check for live presence of network devices. Plus, some may be in some stealth mode. If this were all on wires (Ethernet), it’d be easier.
I believe there are also low level ways to use your computer’s Wifi interface to check on other devices, but I don’t know much about that, just that there are tools that can scan and listen Wifi traffic, although that may also require special drivers and hardware to enable the “promiscous mode”, for instance, IIRC.
the icmp socket (old) example will help you
You should be able to do this from a shell (tested Mac OS X)
First issue this to clear the ARP cache
sudo arp -a -d
Then get every machine on the network that responds to ICMP to respond by sending a PING to the broadcast address on your subnet (for example 192.168.1.255 or 10.0.0.255, etc)
Finally find out what is in the ARP cache now