I notice that some of the better network discovery apps like Fing for iOS and iNet for Mac are able to discover the device name of iOS devices and Mac devices even when they are not advertising Bonjour services such as iTunes Wi-Fi Sync. How is this done? I am aware of how to do a reverse mDNS query https://serverfault.com/questions/143184/how-do-i-get-the-machine-name-from-an-ip-via-multicast-dns. But while a reverse mDNS lookup (at least as accomplished by the dig command dig -x the.ip @224.0.0.251 -p 5353
) will work against a Mac that is not otherwise broadcasting any Bonjour services, it doesn't work unless Wi-Fi Sync is running or some other Bonjour service on an iOS device. I am not sure how to get the name otherwise but these apps reliably get it. I used Wireshark while iNet was discovering and I only see ICMP and NetBios queries all which return 0 answers.
Also note that I have the IP address of the device already by doing a broadcast ping and then parsing the ARP table. I want to discover which of the devices discovered in this way are iOS devices by getting their device name and looking for the string "iPhone" or "iPad".
Also note that the iNet app website provides the following about how they do reverse IP lookups. I take this to mean they do a reverse DNS lookup and a reverse mDNS lookup for every IP.
Reverse IP lookups (hostnames) are performed as unicast and multicast queries for every IP found.
-http://www.bananaglue.de/inet/index_e.php
Have you tried the dns-sd command line tool?
If you type dns-sd -B _services._dns-sd._udp
to get all available services, you'll see there's a _whats-my-name
service available.
$ dns-sd -B _services._dns-sd._udp
Browsing for _services._dns-sd._udp
DATE: ---Tue 16 Dec 2014---
14:38:30.746 ...STARTING...
Timestamp A/R Flags if Domain Service Type Instance Name
14:38:30.747 Add 3 5 . _tcp.local. _nfs
14:38:30.747 Add 3 5 . _tcp.local. _afpovertcp
14:38:30.747 Add 3 5 . _tcp.local. _smb
14:38:30.747 Add 2 0 . _tcp.local. _whats-my-name
14:38:31.330 Add 3 10 . _tcp.local. _nfs
14:38:31.330 Add 3 10 . _tcp.local. _afpovertcp
14:38:31.330 Add 2 10 . _tcp.local. _smb
after that we can query for this service which outputs the following:
$ dns-sd -B _whats-my-name._tcp
Browsing for _whats-my-name._tcp
DATE: ---Tue 16 Dec 2014---
14:40:20.738 ...STARTING...
Timestamp A/R Flags if Domain Service Type Instance Name
14:40:20.742 Add 2 0 local. _whats-my-name._tcp. Blub MacBook Pro
The Instance Name
is the interesting part here. I assume the _whats-my-name
service is available on every computer running bonjour. Maybe you can hunt down the sent queries and reconstruct it with basic bash tools if you can't access dns-sd in every case. More over you should not use dns-sd in your script. Instead you should use a specific implementation of the protocol for your programming language.
Note: Be aware that the name of the device may not be reliable to detect which device you are communicating with
Hope that helps.