Poor Man’s device discovery (DNS)

Mike Green
Aug 4, 2016


# If you don’t want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
# Add other name servers here, with domain specs if they are for
# non-public domains.


# mac-vendor.txt — Ethernet vendor file for arp-scan
# This file contains Ethernet vendor mappings for arp-scan. These are used
# to determine the vendor for a give Ethernet interface given the MAC address.
# Each line of this file contains a MAC-vendor mapping in the form:
# <MAC-Prefix><TAB><Vendor>
# Where <MAC-Prefix> is the prefix of the MAC address in hex, and <Vendor>
# is the name of the vendor. The prefix can be of any length from two hex
# digits (one octet) to twelve hex digits (six octets, the entire Ethernet
# hardware address).
# For example:
# 012345 would match 01:23:45:xx:xx:xx, where xx represents any value;
# 0123456 would match 01:23:45:6x:xx:xx; and
# 01234567 would match 01:23:45:67:xx:xx.
# …truncated…
# The alphabetic hex characters [A-F] must be entered in upper case.
# The order of entries in this file are not important.
# arp-scan will attempt to match larger prefixes before trying to match
# smaller ones, and will stop at the first match.
# Blank lines and lines beginning with “#” are ignored.
# Additional information is available on the arp-scan wiki at
# http://www.nta-monitor.com/wiki
B82734FAB128 raspberrypi.home
~# ifconfig eth0 | grep HWaddr
eth0 Link encap:Ethernet HWaddr b8:27:34:fa:b1:28
~# arp-scan -l -m /etc/mac-dns.txt
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
b8:27:34:fa:b1:28 raspberrypi.home
…(truncated output)…
14 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 2.584 seconds (99.07 hosts/sec). 11 responded

Putting it together

# or if you want it to read another file, as well as /etc/hosts, use
# this.
arp-scan -l -m /etc/mac-dns.txt | head -n-3 | tail -n+3 | cut -f1,3-
*/15 * * * * arp-scan -l -m /etc/mac-dns.txt | head -n-3 | tail -n+3 | cut -f1,3- > /etc/hosts.home && pkill -SIGHUP dnsmasq
~# dig raspberrypi.home

; <<>> DiG 9.9.5-9+deb8u6-Raspbian <<>> raspberrypi.home
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13944
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;raspberrypi.home. IN A

;; ANSWER SECTION:
raspberrypi.home. 0 IN A

;; Query time: 8 msec
;; WHEN: Thu Aug 04 22:25:23 CEST 2016
;; MSG SIZE rcvd: 61
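
The cron entry above redirects straight into /etc/hosts.home, so the file is truncated before the scan runs, and the && only sees the exit status of cut, which means a failed scan still reloads dnsmasq with an empty file. As an added example (not from the original post; the function names and sample data are assumptions), these functions keep only well-formed IP/name rows, report a name seen at more than one IP, and replace the hosts file atomically only when there is something to write:

```shell
#!/bin/sh
# Added example, not from the original post; function names are assumptions.

# Read `arp-scan -l -m FILE` output on stdin, print "IP<TAB>name" lines.
# Only rows with an IPv4 address, a MAC and a plain hostname are kept, so the
# banner, the summary and unmatched "(Unknown)" rows are dropped.
# A name already seen at a different IP is skipped and reported on stderr.
arp_to_hosts() {
    awk -F '\t' '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $2 ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ &&
        $3 ~ /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/ {
            name = tolower($3)
            if (name in seen) {
                if (seen[name] != $1)
                    print "conflict: " name " at " seen[name] " and " $1 > "/dev/stderr"
                next
            }
            seen[name] = $1
            print $1 "\t" name
        }'
}

# Replace hosts file $1 with the filtered scan read from stdin.
# Returns 0 if the file changed, 1 if unchanged, 2 if no entries survived
# (failed or empty scan), in which case the old file is left in place.
update_hosts() {
    target=$1
    tmp=$(mktemp "${target}.XXXXXX") || return 2
    arp_to_hosts > "$tmp"
    if [ ! -s "$tmp" ]; then rm -f "$tmp"; return 2; fi
    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then rm -f "$tmp"; return 1; fi
    # mktemp creates the file 0600; make it readable for the dnsmasq user.
    chmod 644 "$tmp" && mv "$tmp" "$target"
}

# Constructed sample of arp-scan output (documentation IPs, not from the post).
sample_scan() {
    printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
    printf '192.0.2.10\tb8:27:34:fa:b1:28\traspberrypi.home\n'
    printf '192.0.2.11\t00:11:22:33:44:55\t(Unknown)\n'
    printf '192.0.2.66\tb8:27:34:fa:b1:28\traspberrypi.home\n'
    printf '\n14 packets received by filter, 0 packets dropped by kernel\n'
}

# From a script that defines these functions, the cron job would run:
#   arp-scan -l -m /etc/mac-dns.txt | update_hosts /etc/hosts.home && pkill -SIGHUP dnsmasq
```

Because ARP replies are unauthenticated, the conflict line on stderr is worth mailing from cron rather than discarding.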



Myatu’s Tech Blog, from the site that has been wasting bits and bytes daily, since 2008.
