A new Go-based LAN discovery tool uses clever ARP cache manipulation to map your network without elevated privileges, while offering a polished terminal interface for real-time device monitoring.
Network administrators have a fundamental question that repeats every time they connect to a new network: "What devices are actually on this network with me?" Traditional tools like nmap require root privileges for most useful scans, and the output is often a wall of text that's hard to parse in real-time. Whosthere, a recently released open-source tool, attempts to solve both problems with a modern terminal user interface and a privilege-free scanning approach.
Privilege-Free Discovery Through ARP Manipulation
What makes Whosthere interesting isn't just its interface—it's the scanning methodology. The tool performs unprivileged, concurrent scans using mDNS and SSDP scanners, then sweeps the local subnet by attempting TCP/UDP connections to trigger ARP resolution. This technique populates the ARP cache without requiring elevated privileges, then reads that cache to identify devices.
This approach sidesteps a major limitation of traditional network scanners. Most port scanning and device discovery operations require root access because they need to craft raw packets or listen to promiscuous network traffic. Whosthere's method works in user space by exploiting how operating systems naturally build their ARP tables when connections are attempted. When you try to connect to an IP address—even if the connection fails—the system adds an ARP entry if that device responds.
The trade-off is that this method might miss devices that don't respond to any connection attempts, or that are isolated on different network segments. But for typical home and small office networks, it provides a reasonable snapshot without the security risks and complexity of running privileged operations.
Terminal Interface as First-Class Citizen
Unlike many network tools that bolt on a TUI later, Whosthere's terminal interface appears designed from the ground up. The tool provides keyboard-driven navigation (vim-style bindings with j/k for movement, g/G for top/bottom), inline search, and modal detail views. Device information includes IP addresses, hostnames, and manufacturer data from OUI lookups.
The interface supports runtime theme switching with CTRL+t, offering multiple color schemes including a "cyberpunk" theme for those who want their network monitoring to look like a 90s hacker movie. Configuration happens through YAML files, with the tool looking for configs in standard XDG locations.
Integrated Port Scanning with Caveats
Whosthere includes an optional port scanner that can probe discovered devices for open services. The default configuration scans a comprehensive list of common ports covering everything from SSH (22) and HTTP (80) to databases (3306, 5432) and container orchestration (9090, 9200).
The tool includes a notable disclaimer: "only scan devices with permission!" This isn't just polite etiquette—unauthorized port scanning can violate computer fraud laws in many jurisdictions. The tool's design philosophy emphasizes using it on your own networks where you have explicit permission.
Daemon Mode and API Integration
For automation scenarios, Whosthere can run as a daemon with a simple HTTP API. Endpoints include /devices for listing all discovered hosts, /device/{ip} for detailed information, and /health for monitoring. This enables integration with other tools or dashboards, turning Whosthere into a continuously updating network inventory service.
The daemon mode runs in the background while the TUI provides real-time visibility. This separation acknowledges different use cases: interactive exploration versus automated monitoring.
Cross-Platform Limitations and Dependencies
Currently, Whosthere supports Linux and macOS. Windows support is marked as "maybe in the future" with contributions welcome. The clipboard functionality has platform-specific requirements: Linux needs X11 libraries (or XWayland for Wayland users), while macOS and Windows work out of the box.
The tool is written in Go and can be installed via Homebrew tap, go install, or built from source using the provided Makefile.
Community and Development Model
The project welcomes contributions through GitHub issues and pull requests, with a request to discuss major changes before implementation. This suggests a maintainer who values architectural coherence over rapid feature accumulation.
The Broader Pattern
Whosthere fits into a growing trend of modern CLI tools that prioritize user experience alongside functionality. Similar to tools like bat (a cat alternative with syntax highlighting) or exa (a modern ls replacement), it recognizes that terminal tools don't need to feel like 1980s utilities. The focus on visual clarity and interactive exploration reflects how developers increasingly expect command-line tools to be as thoughtfully designed as their GUI counterparts.
The tool's approach to privilege escalation—working around it rather than demanding it—also represents a pragmatic shift. As systems become more locked down and security-conscious, tools that can provide value without elevated permissions will have a natural advantage.
For network administrators, security researchers, or just curious home users, Whosthere offers a way to answer the question "who's there?" without dropping to root or parsing cryptic nmap output. The source code is available at github.com/ramonvermeulen/whosthere.
Comments
Please log in or register to join the discussion