Creating a list of computers connected to the network

31 July 2020 13:55

In a large network with DHCP enabled, intrusions sometimes occur: third-party devices get connected.
They need to be tracked down. It is convenient to take snapshots of the network, before and after.
In this article I describe two ways to compile a list of computers (a network snapshot): using nmap and using arp-scan.

arp-scan

The best way to list PCs, in my opinion, is the arp-scan utility (http://www.nta-monitor.com/tools/arp-scan/), which is what I use. Its advantages are scanning speed, a convenient PC list format, and MAC address detection.

A search of the standard repository shows that the arp-scan utility is available for installation:

apt-cache search arp-scan

Output:

arp-scan - arp scanning and fingerprinting tool

Installation is the usual one:

sudo apt-get install arp-scan

Usage: write the list of computers to the file ~/scan1.txt:

sudo arp-scan --interface=enp2s0 --localnet > ~/scan1.txt

Next, disconnect the port of the managed switch and repeat the scan:

sudo arp-scan --interface=enp2s0 --localnet > ~/scan2.txt

Compare the two files:

diff ~/scan1.txt ~/scan2.txt
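
A plain diff of the two files also reports the arp-scan summary line, whose scan time changes on every run, and any host that simply answered in a different order. The script below is an added example, not part of the original article: it reduces each snapshot to sorted "IP MAC" pairs before comparing. The function names and the sample scan output (made-up addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare two arp-scan snapshots host by host.
export LC_ALL=C   # same collation for sort and comm

# Print sorted, unique "IP MAC" pairs; banner, summary and blank lines are dropped.
hosts() {
    grep -E '^[0-9]+(\.[0-9]+){3}[[:space:]]+([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$1" |
        awk '{ print $1, tolower($2) }' | sort -u
}

# "- IP MAC" = answered only in the first scan, "+ IP MAC" = only in the second.
snapshot_diff() {
    before=$(mktemp) after=$(mktemp)
    hosts "$1" > "$before"
    hosts "$2" > "$after"
    comm -23 "$before" "$after" | sed 's/^/- /'
    comm -13 "$before" "$after" | sed 's/^/+ /'
    rm -f "$before" "$after"
}

# Constructed sample output standing in for ~/scan1.txt and ~/scan2.txt.
make_samples() {
    cat > "$1/scan1.txt" <<'EOF'
Interface: enp2s0, type: EN10MB, MAC: 02:00:00:aa:bb:01, IPv4: 192.168.0.10
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.0.1	02:00:00:00:00:01	(Unknown)
192.168.0.77	02:00:00:00:00:4D	(Unknown)
192.168.0.20	02:00:00:00:00:14	(Unknown)

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 1.874 seconds (136.61 hosts/sec). 3 responded
EOF
    cat > "$1/scan2.txt" <<'EOF'
Interface: enp2s0, type: EN10MB, MAC: 02:00:00:aa:bb:01, IPv4: 192.168.0.10
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
192.168.0.20	02:00:00:00:00:14	(Unknown)
192.168.0.1	02:00:00:00:00:01	(Unknown)
192.168.0.1	02:00:00:00:00:01	(Unknown) (DUP: 2)

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 2.011 seconds (127.30 hosts/sec). 3 responded
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
snapshot_diff "$demo/scan1.txt" "$demo/scan2.txt"   # prints: - 192.168.0.77 02:00:00:00:00:4d
rm -rf "$demo"
```

A "-" line is a host that stopped answering once the switch port was disabled, which is the device behind that port.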

nmap

The nmap utility can also scan the network and compile a list of IP addresses:

sudo nmap -sP 192.168.0.0/24 | grep 'Nmap scan report for' | sed 's/Nmap scan report for //'

Or this variant:

sudo nmap -sP 192.168.0.0/24 | grep -oE '((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])'

What's next?

Once the IP address has been identified, I run arping against it continuously.

arping 192.168.0.77

I turn off the switch port: if the target is found 😇, the arping output is interrupted. Then I turn the switch port back on.

You can go to the wall socket corresponding to the switch port and see which bad person has connected 😈.
But it's better to first examine the traffic coming from the IP address using sudo wireshark 😏.

