@mrworf
Last active November 27, 2019 19:24
Resolve all unknown devices on your network. Run it on your firewall: it assumes that any device whose DNS name contains "dhcp" is unknown, and then resolves the owner of each such device's MAC address space.
#!/bin/bash
# Hostname fragment that marks a device as unknown (override with $1)
PREFIX="${1:-dhcp}"
# Cached copy of the Wireshark manuf database. /tmp is world-writable, so
# point this at a root-owned directory if the script runs as root.
MACDB=/tmp/macdb
IPRE='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
MACRE='[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'

if [ ! -s "$MACDB" ]; then
    # -f: fail on HTTP errors so an error page is never cached as the database
    curl -f 'https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf' -o "$MACDB" \
        || { rm -f "$MACDB"; echo 'Could not download the MAC database' >&2; exit 1; }
fi

# Ping all IPs to weed out dead IPs since ARP may be old
echo 'Pinging all unknown IPs, please wait'
for IP in $(arp -a | grep -v incompl | grep "$PREFIX" | grep -Eo "$IPRE" | sort -u); do
    echo " $IP"
    ping -c 1 -w 1 -q "$IP" >/dev/null 2>&1
done

echo 'Done, resolving real IPs'
MACS=$(arp -a | grep -v incompl | grep "$PREFIX" | grep -Eo "$MACRE" | sort -u)
COUNT=0
for MAC in ${MACS}; do
    COUNT=$((COUNT + 1))
    # First 24-bit OUI entry for this MAC; prefer the long vendor name (field 3)
    ENTRY="$(grep -i -m 1 "^${MAC:0:8}[[:space:]]" "$MACDB")"
    WHOIS="$(printf '%s' "$ENTRY" | cut -f 3)"
    if [ -z "$WHOIS" ]; then
        WHOIS="$(printf '%s' "$ENTRY" | cut -f 2)"
    fi
    # No vendor found: fall back to printing the MAC itself
    if [ -z "$WHOIS" ]; then
        WHOIS=$MAC
    fi
    HASIPS="$(arp -a | grep -v incompl | grep -iF "$MAC" | grep -Eo "$IPRE")"
    for HASIP in $HASIPS; do
        echo "${MAC} | ${HASIP} belongs to ${WHOIS}"
    done
done
echo "Found $COUNT devices which had no assigned DNS name"
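
An added example, not part of the gist: the script matches only the first three octets (`${MAC:0:8}`), so a MAC inside a sub-allocated /28 or /36 block gets the 24-bit entry at best, and a randomized (locally administered) MAC falls through to the raw address. The sketch below does a longest-prefix match and flags locally administered addresses; the helper names, the tab-separated `PREFIX[/BITS]` layout it assumes, and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the gist author's code. Assumed manuf-style layout:
#   PREFIX[/BITS]<TAB>short name<TAB>long name

# Constructed sample database; the vendor names are made up.
sample_db() {
  printf '%s\t%s\t%s\n' \
    '00:11:22' 'ExampleCo' 'Example Networks Inc.' \
    'A8:BB:C0' 'Registry' 'Registry Block Holder' \
    'A8:BB:C0:10:00:00/28' 'SubA' 'Sub-block A Devices' \
    'A8:BB:C0:12:30:00/36' 'SubB' 'Sub-block B Sensors'
}

# Usage: vendor_for_mac MAC < database   (hypothetical helper name)
vendor_for_mac() {
  hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'abcdef' 'ABCDEF')
  case "$hex" in ''|*[!0-9A-F]*) echo invalid; return 1 ;; esac
  [ "${#hex}" -eq 12 ] || { echo invalid; return 1; }
  # Bit 1 of the first octet marks a locally administered address
  # (randomized or private MAC): the registry has no entry for it.
  case "$hex" in ?[2367ABEF]*) echo 'locally administered'; return 0 ;; esac
  awk -F '\t' -v mac="$hex" '
    /^#/ || NF < 2 { next }
    {
      split($1, part, "/")
      bits = (part[2] != "") ? part[2] : 24   # plain OUI lines are 24 bits
      p = toupper(part[1]); gsub(/:/, "", p)
      n = int(bits / 4)                       # prefix length in hex digits
      if (n > bestlen && substr(mac, 1, n) == substr(p, 1, n)) {
        best = ($3 != "") ? $3 : $2           # prefer the long name
        bestlen = n
      }
    }
    END { if (best == "") best = "unknown"; print best }'
}

# Demo on constructed addresses
for m in 00:11:22:33:44:55 a8:bb:c0:12:34:56 A8-BB-C0-99-00-00 DA:A1:19:00:00:01; do
  printf '%s -> %s\n' "$m" "$(sample_db | vendor_for_mac "$m")"
done
```

Against the cached database the call would be `vendor_for_mac "$MAC" < /tmp/macdb`.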