When we notice a suspicious activity it is advisable that we choose to check all the devices connected to our network to proceed with its correct identification and, if not an authorized device, to take the corresponding measures. In this article, we will explain how to get a list of all devices connected to our network to find out if there are any intruders in it. The simple way to find out is by entering the router’s control panel and looking for a tag or a place where it says “Attached devices” or something similar. In many cases, it is possible that we do not have access to the router so we would have to look for other ways.
Detect computers in my local network from the console
The first step is to know what format the IPs of our network have. Open a console and type:
$ ifconfig
Which will show something like: ‹Here we see that the network has a format 192.168.1.X and that the broadcast IP (to find all the computers) is 192.168.1.255 (it is the one that comes just behind Bcast :).So with this data, we can do:
$ ping -b 192.168.1.255
This method does not always work because, for example, some computers do not respond to pings. In my local network does not answer any.
Detect computers with nmap
If you want to identify all the machines on your network (this can be useful especially if your network is wireless – wifi). At the console type: # nmap -sP Or can be: Nmap will display a result similar to this:
nmap -sP 192.168.0.0/24
Starting Nmap 4.20 (http://insecure.org) at 2017-08-18 11:45 ESTHost Router (192.168.0.254) appears to be up.Host pc (192.168.0.1) appears to be up.Host mac (192.168.0.2) appears to be up. We can see that for each device we have this information: Here we have the IP of the device, its MAC and some additional information (what appears in the parenthesis).Note: If we had not removed the list with sudo we would not have MAC addresses.
Final Word
‹Nevertheless, the intruder could return to try to access another equipment or changing the MAC address of its network card, since in some cases it is possible. So we should be aware of this happen again. We could also change MAC filtering so that it only connects to known MACs, so the network would be even more secure.