Show HN: Whosthere: A LAN discovery tool with a modern TUI, written in Go

Posted by rvermeulen98 1/23/2026

Show HN: Whosthere: A LAN discovery tool with a modern TUI, written in Go(github.com)

278 points | 89 comments

rvermeulen98 1/23/2026|

I've been working on a LAN discovery tool with a Terminal User Interface (TUI) written entirely in Go. It's called Whosthere, and it's designed to help you explore devices on your local network without requiring elevated privileges.

It works by combining several discovery methods:

- mDNS and SSDP scanning

- ARP cache reading (after triggering ARP resolution via TCP/UDP sweeps)

- OUI lookups to identify device manufacturers

It also includes:

- A fast, keyboard-driven TUI (powered by tview)

- An optional built-in port scanner

- Daemon mode with a simple HTTP API to fetch devices

- Configurable theming and behavior via a YAML config file

Why I built it:

Mainly to learn, I've been programming in Go for about a year now and wanted to combine learning Go with learning more about networking in one single project. I've always been a big fan of TUI applications like lazygit, k9s, and dive. And then the idea came to build a TUI application that shows devices on your LAN. I am by no means a networking expert, but it was fun to figure out how ARP works, and discovery protocols such as mDNS and SSDP.

Example usage:

---

# install via HomeBrew brew tap ramonvermeulen/whosthere brew install whosthere

# or with go install go install github.com/ramonvermeulen/whosthere@latest

# run as TUI whosthere

# run as daemon whosthere daemon --port 8080

---

I'd love to hear your feedback, if you have ideas for additional features or improvements that is highly appreciated! Current platform support is Linux and MacOS.

nickcw 1/23/2026||

Very nice tool :-)

It would be great it it could show the reverse lookup of the IPs as on my LAN everything has a name and if it hasn't then it is probably an interloper!

N3802E 1/23/2026|||

This looks great! I've been searching for something like this for ever.

Some feedback of what I found on my network, as compared to some other scanners I've used.

I've never seen anything that can beat Advanced IP Scanner at finding hostnames. I've never even found a way to get arp or nmap to get close to Advanced IP Scanner; I've tried dozens of suggested commands of each, all with no luck. Here's the results of my scans:

Alive hosts: 309

Unkown: 201

With hostnames: 80

https://www.advanced-ip-scanner.com/

####################################

I also tried a program called Angry IP Scanner:

Hosts scanned: 510

Hosts alive: 315

With hostnames: 75

https://angryip.org/

####################################

whosthere

Devices: 318

With hostnames: 54

genericacct 1/23/2026|||

Installed on raspbian, works wonders, much better than the thing i vibecoded yesterday. One feature I'd like: recording new arrivals to a log with all the info so it can be used as a barebones IDS

alphax314 1/23/2026|||

Looks great!! I had the same idea a few days ago and am so glad you posted this now! I will be using it and will let you know of any feedback. So far works great on my network!

M95D 1/23/2026||

Why the X11 dependency if it's a TUI? I was expecting ncurses.

bestham 1/23/2026||

It says in the read me that X11 is required for clipboard functionality.

mmh0000 1/23/2026||

There's a famous quote:

  Those who cannot remember nmap are condemned to remake it poorly

Rootless nmap scan of a /24 in under 10 seconds:

  nmap -T5 -sn -PR --script broadcast-dns-service-discovery,broadcast-upnp-info 10.0.0.0/24
  …SNIP…
  Nmap done: 256 IP addresses (30 hosts up) scanned in 9.99 seconds

https://nmap.org/book/toc.html

zbentley 1/23/2026||

I like nmap and use it often. The linked tool seems to be doing different or additional things vs nmap.

What makes you think it’s not learning from/remembering nmap?

mmh0000 1/23/2026||

That nmap command does the same thing as the author's command, except for the UI, for which there are dozens of nmap-uis available.

sally_glance 1/23/2026||

But you've got to admit that OPs tool does it quicker, except if you like to memorize flags or already have a script specifically for this. And it's much nicer on the eye than most (all?) nmap-guis out of the box.

andrewxdiamond 1/23/2026||

It does it quicker if you already have this tool installed. nmap is everywhere.

rvermeulen98 1/23/2026||

The goal has never been to create something that can replace nmap, the goal was to learn more about networking and about building TUIs in Go. Honestly I am quite overwhelmed by the amount of traction it got today, definitely not what I expected.

I am very grateful for all the feedback and suggestions, and I will take my time to evaluate every comment. In the coming weeks I will try to implement most of the feedback and do releases to improve the tool further, thanks everyone!

gerdesj 1/24/2026||

LLDP and CDP would like a chat

84634E1A607A 1/23/2026||

Overall good work. I'd request an `-i` command-line parameter to specify the interface to scan (and I'd prefer ALL params being able to be read from command line params). I think it just performs a full scan initially on my laptop, following scans either didn't success or didn't involve TCP connect scan (I don't see ARP requests after the initial scan).

rvermeulen98 1/23/2026|

That's correct. To avoid overloading the local network, the initial scan has a built-in safeguard:

1. It only scans the subnet of the configured network interface.

2. The scan is limited to a maximum size of a /16 subnet.

3. It runs just once every 5 minutes (this interval should be made configurable, currently still hardcoded).

If a subnet larger than /16 is configured, whosthere will log a warning and only scan the first /16 portion of that subnet. As of now the network interface itself is configured via the YAML file. I agree it would be a good idea to add command-line flags for more of these settings to make them easier to adjust.

yu3zhou4 1/24/2026||

This is hilarious, 5 years ago I built a very similar cli tool based on the same idea and with the same name (whosthere but in Polish, ktotu [0]). I wonder if you used AI to generate the project and the idea

Congrats for the execution, it looks more complete and feature rich and Go is a better choice for sure

[0] https://github.com/jmaczan/ktotu

mrcaramelpants 1/23/2026||

Surely a missed opportunity to name it “whogoesthere”

adzm 1/23/2026|

I was thinking more along the lines of whodat

pinkmuffinere 1/24/2026|||

When i saw the name I read it as "whost here", and was exceptionally confused.

cassianoleal 1/25/2026|||

Or perhaps “New phone who dis?”

zahlman 1/23/2026||

Does the Go standard library have unusually good TUI support or something? Am I just imagining the pattern of new TUIs being written in Go?

cpuguy83 1/23/2026||

It compiles fast, starts up fast, and doesn't have a ton of hoops to jump through (ie borrower/checker in rust).

pstuart 1/23/2026|||

No, it really doesn't have anything TUI focused in stdlib. I get the reason why but it would be cool if they had something foundational in golang.org/x/

This project appears to be using github.com/rivo/tview which is is really solid.

jen20 1/23/2026|||

The standard library doesn't have much for this, but Bubble Tea https://github.com/charmbracelet/bubbletea is behind many of the better Go TUIs. This one is using https://github.com/rivo/tview.

awesome_dude 1/23/2026|||

Bubbletea has the unfortunate side effect of enforcing style/architecture on a project

Much like cobra (or was it viper) did for CLI switches

This is cool if that's what you like, but if you have your own thinking on layout/architecture then you're in for a world of pain.

I use rivo/tview in my projects, and like it, but it's not without its "quirks"

pstuart 1/23/2026||||

The charmbracelet folk are quite, um, charming, but when I tried to work with bubble tea on a multi pane project I found it unwieldy -- tview seemed much more straightforward.

fulafel 1/24/2026|||

Bubbletea can spell Go, an encouraging indicator vs tview.

jasonjmcghee 1/23/2026||

Big missed opportunity to call it “Whose LAN is it anyway?”

apitman 1/23/2026||

Have you tried it on Tailscale at all? Could be super useful but sadly TS doesn't support mDNS: https://github.com/tailscale/tailscale/issues/1013

gerdesj 1/24/2026||

Good skills - you are well on the way to Engineer with a capital E.

You cannot see network traffic.

You'd be amazed at how many people think they can diagnose a network fault without using tools like this. Everyone is an expert until they prove themselves to be a bit of a twit!

At layer 1 you have electrical issues to deal with and that will need some hardware. Obviously you need to pick your network model too. Here you'll go in with a couple of PCs/laptops and APIPA and/or a Fluke or a cheap network tester effort off of Amazon. Use what you have available.

After that you will need nmap and wireshark. LLDP and CDP are very handy too.

If you have to deal with a large network, I can highly recommend Netdisco.

vzaliva 1/23/2026|

I am not a golang user. If I install as recommended via `go` command on Linux how do I make sure it is updated when new versions are released? I wish it has a .deb package..

zahlman 1/23/2026||

> I wish it has a .deb package..

Generally speaking, the Debian package management system is really not a place I would look for prompt updates when new versions of software are released.

foresto 1/23/2026|||

You might be confusing the .deb package format with the release cadence of the Debian Stable distribution.

mzajc 1/23/2026|||

Why not? It works roughly the same as any other binary distribution format. Given that the project is written in go, it's also unlikely to have many dynamically linked dependencies.

sneak 1/23/2026|||

“go install” does not have an update mechanism. I imagine most people using it would consider such an anti-feature; it is not a package manager.

I certainly don’t want programs I “go install” to change underneath me without notice or review. That’s basically handing ownership of your computer to a remote developer.

esseph 1/24/2026||

> That's basically handling ownership of your computer to a remote developer.

System / application package updates??

sneak 1/24/2026||

Compare the security resources of the median OS publisher with the median go package publisher.

An OS update from Debian, Apple, or Microsoft is not the same thing as a new version tag on a random go CLI app made by one person (or even a team of people).

Furthermore, while it is becoming much more common for OS package managers to autoupdate apps, it still isn’t the default state of affairs for most apps. OS updates are a different matter.

In any case, even without these comparisons, handing RCE to 20 organizations/developers/publishers is worse than handing it to 1 or 2.

yobert 1/23/2026||

Just `git pull` and `go build` should work!

vzaliva 1/25/2026||

this does not scale if you have 20-30 small utilities installed on your system.

More comments...