I live in the CLI, but when it came to discovery and monitoring, I found it limiting. So I built a GUI that brings my favorite tools together in one place.

PingStalker started because I wanted to know if something on the network was scanning my machine. I also wanted quick access to core details—external IP, Wi-Fi data, and local topology. Then I wanted more: fast, reliable scans using ARP tables and ICMP.

As a Wi-Fi engineer, I couldn’t stop there. I kept adding ways to surface what’s actually going on behind the scenes.

A few highlights:

- Performs ARP, ICMP, mDNS, and DNS scans to discover every device on your subnet, showing IP, MAC, vendor, and open ports.

- Continuously monitors selected hosts (“live ping”) to visualize latency spikes, missed pings, and reconnects.

- Detects VLANs on trunk or hybrid ports, exposing when your Mac is sitting on a tagged interface.

- Captures just the important live traffic — DHCP events, ARP broadcasts, 802.1X authentication, LLDP/CDP neighbor data, ICMP packets, and off-subnet chatter — to give you a real-time pulse of your network.

- Decodes mDNS traffic into human-readable form (that one took months of deep dives, but the output is finally clear and useful).

- Built my own custom vendor-logo database: I wrote a tool that links MAC OUIs with their companies, fetches each vendor’s favicon, and stores them locally so scan results feel alive and recognizable.

Under the hood it’s written in Swift. It uses low-level BSD sockets for ping and ARP, plus Apple’s Network framework for interface enumeration. The rest relies on familiar command-line tools. It’s fast.

I’d love feedback from anyone who builds or uses network diagnostic tools:

- Does this fill a gap you’ve run into on macOS?

- Any ideas for improving scan speed or how traffic events are visualized?

- What else would you like to see?

Details and screenshots: https://pingstalker.com

Happy to answer any technical questions about the implementation, Swift APIs, or macOS permission model.