Eli
ClearOS Feature Request

DHCP notification on new leases

Resolved
-1 votes
Hi all, I'm curious if this is a thing or not. I've done some looking and so far have come up short. What I'm looking for is a way to be notified when a new dhcp lease is granted to a device. Right now I've got a secure home network and an open wireless network for guests. As far as neighbors happening to find it I have just been monitoring the DHCP list, but I thought it would be nice to generate an email or some sort of message to tip me off and then I can block the MAC address from the network.

If anyone has heard of this or knows of another practice that's used, I'm curious what's out there. Thanks!
Sunday, February 28 2016, 07:10 AM
Responses (4)
  • Accepted Answer

    Wednesday, March 02 2016, 06:19 AM - #Permalink
    Resolved
    0 votes
    You might also be interested in "fing" and parsing its output... https://www.fingbox.com/download#

    Sample from my system for one of my interfaces

    [root@danda fing]# fing -n 192.168.2.0/24 -r 1
    17:12:47 > Discovery profile: Default discovery profile
    17:12:47 > Discovery class: data-link (data-link layer)
    17:12:47 > Discovery on: 192.168.2.0/24

    17:12:47 > Discovery round starting.
    17:12:47 > Host is up: 192.168.2.26
    HW Address: 68:05:CA:10:AF:A4 (Intel)
    Hostname: danda-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.14
    HW Address: 00:1B:21:27:98:BD (Intel)
    Hostname: alice-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.10
    HW Address: F4:F2:6D:56:D6:A0
    Hostname: pamela-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.29
    HW Address: 00:01:6C:DA:DF:1B (FOXCONN)
    Hostname: madeleine-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.34
    HW Address: BC:5F:F4:88:90:D5 (ASRock)
    Hostname: may-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.33
    HW Address: 00:1F:D0:55:65:71 (GIGA-BYTE TECHNOLOGY)
    Hostname: maria.sraellis.com

    17:12:47 > Host is up: 192.168.2.35
    HW Address: BC:5F:F4:88:90:D5 (ASRock)
    Hostname: kirstie-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.39
    HW Address: 58:20:B1:42:D4:5C
    Hostname: esther-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.11
    HW Address: 88:32:9B:25:55:E7
    Hostname: note2-2.sraellis.com

    17:12:47 > Host is up: 192.168.2.54
    HW Address: 00:22:B0:8E:E9:06 (D-Link)
    Hostname: DIR-300.sraellis.com

    17:12:48 > Discovery progress 25%
    17:12:49 > Discovery progress 50%
    17:12:50 > Discovery progress 75%
    -------------------------------------------------------------------------------
    | State | Host | MAC Address | Last change |
    |-----------------------------------------------------------------------------|
    | UP | 192.168.2.10 | F4:F2:6D:56:D6:A0 | |
    | UP | 192.168.2.11 | 88:32:9B:25:55:E7 | |
    | UP | 192.168.2.14 | 00:1B:21:27:98:BD | |
    | UP | 192.168.2.26 | 68:05:CA:10:AF:A4 | |
    | UP | 192.168.2.29 | 00:01:6C:DA:DF:1B | |
    | UP | 192.168.2.33 | 00:1F:D0:55:65:71 | |
    | UP | 192.168.2.34 | BC:5F:F4:88:90:D5 | |
    | UP | 192.168.2.35 | BC:5F:F4:88:90:D5 | |
    | UP | 192.168.2.39 | 58:20:B1:42:D4:5C | |
    | UP | 192.168.2.54 | 00:22:B0:8E:E9:06 | |
    -------------------------------------------------------------------------------

    17:12:52 > Discovery round completed in 4.743 seconds.
    17:12:52 > Network 192.168.2.0/24 has 10/10 hosts up.

    [root@danda fing]# -------------------------------------------------------------------------------
    | State | Host | Last change |
    |-----------------------------------------------------------------------------|
    | UP | 192.168.0.1 | |
    | UP | 192.168.0.34 | |
    -------------------------------------------------------------------------------

    17:13:18 > Discovery round completed in 63.088 seconds.
    17:13:18 > Network 192.168.0.0/16 has 2/2 hosts up.

    17:13:18 > Discovery stopped


    [root@danda fing]#

    See https://www.fingbox.com/support for more options for the command-line tool.
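Parsing the fing output suggested in the reply above, as an added example that is not part of the original post or of fing itself: it reads "Host is up" records in the layout quoted above and reports hosts whose MAC is not in a known-device set, plus any MAC seen on more than one IP. The sample scan, the known-MAC set and the function names are constructed for this example.

```python
import re

# Constructed sample in the layout of the fing output quoted above
# (addresses and hostnames are made up for this example).
SAMPLE = """\
17:12:47 > Host is up:   192.168.2.26
           HW Address:   02:00:00:AA:00:01 (Intel)
           Hostname:     desktop.example.lan

17:12:47 > Host is up:   192.168.2.120
           HW Address:   02:00:00:BB:00:02
           Hostname:     unknown-phone.example.lan

17:12:47 > Host is up:   192.168.2.121
           HW Address:   02:00:00:aa:00:01 (Intel)
"""

HOST_RE = re.compile(r"Host is up:\s*(\S+)")
MAC_RE = re.compile(r"HW Address:\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
NAME_RE = re.compile(r"Hostname:\s*(\S+)")

def parse_fing(text):
    """Return one dict per 'Host is up' record: ip, mac (upper case), hostname."""
    hosts = []
    for line in text.splitlines():
        if m := HOST_RE.search(line):
            hosts.append({"ip": m.group(1), "mac": None, "hostname": None})
        elif hosts and (m := MAC_RE.search(line)):
            hosts[-1]["mac"] = m.group(1).upper()
        elif hosts and (m := NAME_RE.search(line)):
            hosts[-1]["hostname"] = m.group(1)
    return hosts

def review(hosts, known_macs):
    """Split a scan into hosts with unknown MACs and MACs seen on several IPs."""
    known = {m.upper() for m in known_macs}  # hypothetical allowlist of own devices
    unknown = [h for h in hosts if h["mac"] not in known]
    by_mac = {}
    for h in hosts:
        if h["mac"]:
            by_mac.setdefault(h["mac"], []).append(h["ip"])
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return unknown, shared

if __name__ == "__main__":
    unknown, shared = review(parse_fing(SAMPLE), {"02:00:00:aa:00:01"})
    print("unknown:", [(h["ip"], h["mac"]) for h in unknown], "shared:", shared)
```

A host that reports no MAC at all is treated as unknown, and the table lines at the end of a fing run are ignored because they match none of the three patterns.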
  • Accepted Answer

    Eli
    Sunday, February 28 2016, 03:05 PM - #Permalink
    Resolved
    0 votes
    Hi,

    Thanks for the quick responses. I've set the devices that my family uses outside the dhcp range so they've static addresses with clearos. I'm working on learning how to segregate the networks (guest and secure) so that they're on different subnets and no connection between my servers/shares and the guest network. I know it's a bizarre request. I'm positive none of my neighbors are the hacking type, I live in a small logging community and I'd be lucky if my wifi hits 4 houses. I thought it'd be a cool little trick to clearos to have this feature is all. I'd like to keep the wifi open just because then guests of mine just use it. We've had the key in the fridge and everything before but I thought if this feature existed somehow I could use this.

    So a little more technical background on this. I've a UniFi AP running the secure and open wifi, right now both get dhcp leases from clearos with the same subnet, however the devices that I and my family use have been placed outside the dhcp range so I'll know what devices are my own and which are guests or unwanted devices.

    I hope that makes sense, what I'm ultimately looking for. I work in IT so I'm well aware of the dangers of open WiFi but I thought if I can combat it with some sort of notification every time a DHCP lease is acquired I could see how well MAC address blocking works and if it proves ineffective then I can easily lock down the guest network. This is also quirky data that I like to see, so I wouldn't mind getting the notification every time something new joins the network.

    I'm not too familiar with looking at anything Nick proposed or scripting but I'll look into it, thanks! If you guys or anyone else has suggestions I'd love to hear them.
  • Accepted Answer

    Sunday, February 28 2016, 09:16 AM - #Permalink
    Resolved
    0 votes
    Sorry - I don't understand this approach. I must be missing something. You go out for the day. You are constantly monitoring your phone/laptop etc in case someone connects to your network. If they do, you now have to log into your system remotely to ban their MAC etc. Otherwise they could eat all your allowance. If they are clever they will change their MAC and log in again! Vicious loop :-( What happens when you are asleep? Surely it would be a lot simpler and more secure to close your WiFi and create an innovative password using 0-9 and A-F that is easy to type and give that to your guests. A friend of mine has it written on a small card and any approved :-) guests wanting access he just hands them the card temporarily. I don't know where you live, but neighbors are not the only problem. Here baddies cruising in cars using mobile devices are also looking for open WiFi spots. Finding one they park in the street, then download all sorts of nasty things using your account and against your name at your ISP, or have "fun" trying to hack your machines.
  • Accepted Answer

    Sunday, February 28 2016, 07:54 AM - #Permalink
    Resolved
    0 votes
    You may be able to get fail2ban to tell you, but I am not sure if it would differentiate between new and renewing leases but it can e-mail automatically when it finds something. Another alternative is to script something of dhclient-exit-hooks. Also how does ClearOS differentiate between the two SSIDs as that would be invisible to it? Another thought is to use rsyslog to suck in the logs from your WAP then run fail2ban against those logs. With luck those logs would carry both the SSID and MAC address.