I connect my hotspot through ap-hotspot and I can see the notifications pop out displaying new device connected , device disconnected. (Because I want to learn about privileges for access to use or not use the hotspot.)
How can I list the device connected through terminal?
arp -a should return you a list of all connected devices.
Show a list of devices: (replace <interface> with the interface name of your wifi interface)
iw dev <interface> station dump
If you don't know the name of your wifi interface, use this command to find out the interface name:
iw dev
If you want a more detailed list, I adapted this script for the ap-hotspot script that comes from webupd8:
#!/bin/bash
# show_wifi_clients.sh
# Shows MAC, IP address and any hostname info for all connected wifi devices
# written for openwrt 12.09 Attitude Adjustment
# modified by romano@rgtti.com from http://wiki.openwrt.org/doc/faq/faq.wireless#how.to.get.a.list.of.connected.clients
echo "# All connected wifi devices, with IP address,"
echo "# hostname (if available), and MAC address."
printf "# %-20s %-30s %-20s\n" "IP address" "lease name" "MAC address"
leasefile=/var/lib/misc/dnsmasq.leases
# list all wireless network interfaces
# (for MAC80211 driver; see wiki article for alternative commands)
for interface in $(iw dev | grep Interface | cut -f 2 -s -d" ")
do
# for each interface, get mac addresses of connected stations/clients
maclist=$(iw dev "$interface" station dump | grep Station | cut -f 2 -s -d" ")
# for each mac address in that list...
for mac in $maclist
do
# If a DHCP lease has been given out by dnsmasq,
# save it.
ip="UNKN"
host=""
ip=$(cat $leasefile | cut -f 2,3,4 -s -d" " | grep "$mac" | cut -f 2 -s -d" ")
host=$(cat $leasefile | cut -f 2,3,4 -s -d" " | grep "$mac" | cut -f 3 -s -d" ")
# ... show the mac address:
printf " %-20s %-30s %-20s\n" "$ip" "$host" "$mac"
done
done
Copy it to a file in your PATH, for example ~/bin/show_wifi_clients, make it executable with chmod +x, and enjoy.
This one also gets the mac vendors of the devices and can also label the mac of your devices. Requires Python3.6
#!/usr/bin/python3.6
import subprocess
import re
import requests
# Store Mac address of all nodes here
saved = {
'xx:xx:xx:xx:xx:xx': 'My laptop',
}
# Set wireless interface using ifconfig
interface = "wlp4s0"
mac_regex = re.compile(r'([a-zA-Z0-9]{2}:){5}[a-zA-Z0-9]{2}')
def parse_arp():
arp_out = subprocess.check_output(f'arp -e -i {interface}', shell=True).decode('utf-8')
if 'no match found' in arp_out:
return None
result = []
for lines in arp_out.strip().split('\n'):
line = lines.split()
if interface in line and '(incomplete)' not in line:
for element in line:
# If its a mac addr
if mac_regex.match(element):
result.append((line[0], element))
return result
def get_mac_vendor(devices):
num = 0
for device in devices:
try:
url = f"http://api.macvendors.com/{device[1]}"
try:
vendor = requests.get(url).text
except Exception as e:
print(e)
vendor = None
except Exception as e:
print("Error occured while getting mac vendor", e)
num += 1
print_device(device, num, vendor)
def print_device(device, num=0, vendor=None):
device_name = saved[device[1]] if device[1] in saved else 'unrecognised !!'
print(f'\n{num})', device_name, '\nVendor:', vendor, '\nMac:', device[1], '\nIP: ',device[0])
if __name__ == '__main__':
print('Retrieving connected devices ..')
devices = parse_arp()
if not devices:
print('No devices found!')
else:
print('Retrieving mac vendors ..')
try:
get_mac_vendor(devices)
except KeyboardInterrupt as e:
num = 0
for device in devices:
num += 1
print_device(device, num)
If you want to maintain a list authorized MAC addresses manually.
This software is used for monitoring ethernet networks. It listens on a network interface (without using 'promiscuous' mode) and catches all conversations of MAC address to IP request. It then compares the mac addresses it detected with a pre-configured list of authorized MAC addresses. If the MAC is not in list, arpalert launches a pre-defined user script with the MAC address and IP address as parameters. This software can run in deamon mode; it's very fast (low CPU and memory consumption). It responds at signal SIGHUP (configuration reload) and at signals SIGTERM, SIGINT, SIGQUIT and SIGABRT (arpalert stops itself).
sudo apt install arpalert
cp /etc/arpalert/arpalert.conf ~/.config/ # read it for more info
arpwatch (apropos arpwatch/dpkg -L arpwatch | grep bin for its commands) could also help with those arp spoofing attacks.
With nmap:
nmap -sn 10.0.0.0/24
With ip (modern alternative to arp):
ip neigh show
Where 10.0.0.0/24 is your LAN mask, check ip addr. -sn: Ping Scan - disable port scan (check nmap man page).
I connected my phone to the network and used the awesome Fing app (for Android and iPhone) to scan the clients connected.
