Product Introduction
- Definition: Whosthere is a free, open-source Local Area Network (LAN) discovery and network analysis tool, specifically a Terminal User Interface (TUI) application written in the Go programming language. It functions as an unprivileged network scanner and device inventory manager.
- Core Value Proposition: Whosthere exists to provide network administrators, IT professionals, and tech enthusiasts with an intuitive, fast, and user-space tool for discovering and understanding all devices connected to a local network without requiring administrative or root privileges. It answers the fundamental network security and management question: "Who's there on my network?"
Main Features
- Multi-Protocol Concurrent Network Discovery: Whosthere performs fast, unprivileged network scans by concurrently employing three distinct discovery methods. The mDNS scanner discovers devices like Apple products, printers, and smart home gadgets. The SSDP scanner identifies UPnP devices such as media servers, routers, and IoT appliances. The ARP cache sweeper intelligently populates the system's ARP table by attempting lightweight TCP/UDP connections to local subnet addresses, then reads the cache to find responsive hosts, a technique that requires no elevated permissions.
- Interactive Terminal User Interface (TUI): Built with a TUI library, it provides a keyboard-navigable interface for real-time exploration of discovered devices. Features include live filtering via regex search, detailed device views showing IP, MAC, hostname, manufacturer, and first/last seen timestamps, and configurable theming for visual customization.
- Integrated Service Discovery & Daemon Mode: Includes an optional, permission-based port scanner that probes a defined set of common TCP ports (e.g., 22/SSH, 80/HTTP, 443/HTTPS, 3389/RDP) on discovered hosts to identify running services. It also offers a daemon mode that runs continuously in the background, exposing a simple RESTful HTTP API (GET /devices, GET /device/{ip}) for integration into other network monitoring or home automation tools.
Problems Solved
- Pain Point: The lack of visibility into connected devices on a local area network, which is both a critical security gap and an administrative hassle. Traditional methods like checking a router's DHCP list are often incomplete, and professional network scanners like Nmap require sudo/administrator rights and can be complex for casual use.
- Target Audience: Home network users, small office IT administrators, cybersecurity students, developers working on network applications, and IoT hobbyists who need a simple, effective way to audit their network for unauthorized devices, troubleshoot connectivity issues, or maintain a device inventory.
- Use Cases: Identifying unknown or rogue devices on a home Wi-Fi network; auditing network device inventory after adding new smart home IoT products; troubleshooting by verifying if a device is active and on the network; educational tool for learning about network protocols (ARP, mDNS, SSDP); and as a lightweight background service for other tools to query network state.
Unique Advantages
- Differentiation: Unlike Nmap, Whosthere requires no special privileges (sudo/root), making it safer and easier to run. Compared to router admin pages, it provides a more comprehensive, real-time, and protocol-diverse view. Versus other LAN scanners, its combination of a polished TUI, concurrent multi-method scanning, and optional API daemon mode is unique.
- Key Innovation: Its hybrid, user-space discovery methodology is key. By combining passive listening (mDNS/SSDP) with an active, low-privilege ARP cache stimulation technique, it achieves broad device discovery without ever needing to send raw packets or run as root. The OUI (Organizationally Unique Identifier) lookup integration automatically enriches MAC addresses with manufacturer names, turning raw data into immediately useful information.
Frequently Asked Questions (FAQ)
- Does Whosthere require admin or root permissions to run? No, Whosthere is specifically designed as an unprivileged network scanner. It operates entirely in user-space by leveraging standard network APIs and clever techniques like stimulating the system's ARP cache, eliminating the need for sudo, root, or Administrator access.
- How does Whosthere discover devices without scanning every IP address? Whosthere uses a multi-pronged approach. It listens for multicast announcements from devices using mDNS and SSDP protocols. For silent devices, it performs a targeted "sweep" that triggers your system's own ARP resolution process, then reads the resulting ARP table. This is more efficient and less intrusive than a full port scan of every IP.
- Can I use Whosthere to scan networks remotely or over the internet? No, Whosthere is designed specifically for Local Area Network (LAN) discovery. It discovers devices on the same local subnet or broadcast domain as the host it is running on. It is not a tool for wide-area network or internet scanning.
- What is the difference between the TUI mode and the daemon mode? The interactive TUI mode is for direct human use, providing a real-time, visual interface for exploration. The daemon mode runs whosthere as a background service that continuously scans and exposes the discovered device data via a simple HTTP API (JSON), allowing it to be integrated into dashboards, monitoring systems, or automation scripts.
- Is it safe to use the port scanner feature on any network? You should only use the port scanner on networks where you have explicit permission to probe devices. Unauthorized port scanning can be considered hostile activity. The feature is designed to be used ethically, such as for auditing your own devices to check for unexpectedly open services.
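
The ARP cache step described under Main Features and in the FAQ answer on discovery, as an added example (not Whosthere's own code): it parses a constructed table in the Linux /proc/net/arp layout, keeps only the entries the kernel marked complete, and labels each MAC using a one-entry OUI excerpt. The Host type, the function names and the sample rows are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Constructed sample in the Linux /proc/net/arp layout, as it might look after a sweep.
const sampleARP = `IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         a4:2b:b0:11:22:33     *        wlan0
192.168.1.23     0x1         0x2         b8:27:eb:aa:bb:cc     *        wlan0
192.168.1.77     0x1         0x0         00:00:00:00:00:00     *        wlan0
192.168.1.90     0x1         0x2         de:ad:be:ef:00:01     *        wlan0`

const atfCom = 0x02 // ATF_COM: the kernel completed ARP resolution for this entry

// Example-only OUI excerpt; a real inventory loads the full IEEE registry.
var ouiSample = map[string]string{"b8:27:eb": "Raspberry Pi Foundation"}

type Host struct{ IP, MAC, Vendor string }

func vendor(hw net.HardwareAddr) string {
	if hw[0]&0x02 != 0 { // locally administered bit: randomized or virtual MAC, no OUI
		return "locally administered"
	}
	if v, ok := ouiSample[hw[:3].String()]; ok {
		return v
	}
	return "unknown"
}

// parseARP returns only completed entries, i.e. addresses that answered ARP.
func parseARP(table string) []Host {
	var hosts []Host
	for _, line := range strings.Split(table, "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue
		}
		flags, ferr := strconv.ParseUint(f[2], 0, 32)
		hw, merr := net.ParseMAC(f[3])
		if ferr != nil || merr != nil || flags&atfCom == 0 {
			continue // header row, malformed line, or probed address that never replied
		}
		hosts = append(hosts, Host{f[0], hw.String(), vendor(hw)})
	}
	return hosts
}

func main() { fmt.Printf("%+v\n", parseARP(sampleARP)) }
```

On a Linux host the same parser can be fed the contents of /proc/net/arp after a sweep; other platforms expose the cache differently.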