Who's On My Wifi

Contact Information

• Home
  • Download
  • Purchase
  • Screen Shots

• Download
  • Update

• Purchase
  • Version Compare

• More Info
  • How It Works
  • Screen Shots
  • Additional Info
  • Blog

• Support
  • Installation
  • Update
  • FAQ
  • Support Forum

• Contact Us

Who Is On My Wifi detects intruders on your wireless network.
Download Now

Ultimate Edition for Corporate Networks only $199.95.
Purchase Now

Using the ARP Cache or ARP Table for Intrusion Detection

Because of the noisiness of sending out individual ARP requests during a scan, it has been asked why not simply rely on the existing computers ARP cache or ARP table for intrusion detection in the Who Is On My Wifi System. This is a great question.

The answer is this.

Sending out individual ARP requests is more reliable than reading the local ARP Table.

Reading the local ARP Cache is fine for small networks because when a new computer joins, it sends out an ARP broadcast notifying all computers that it has joined the network.

But in a large network of 200 computers, the ARP Cache of a single pc can be dirty and incomplete.

It will always be 100% accurate for a specific computer before it tries to send live packets to that computer.

But, if you imagine the situation where a computer is plugging in and unplugging from a network, if you check the local ARP cache, it will have no idea that the computer has been unplugged until you try to send data to it.

So, simply reading from the local ARP Cache is an unreliable means of seeing Who Is On A Network despite it's efficiency.

Return to Using ARP packets for Intrusion Detection.