as to sniffing there is NOTHING to install its right there, diagnostics packet capture. Or from cmd line tcpdump
Or just install arpwatch if you want a database of macs and IPs… Even when the IP is not on your local network IP range.. But sure you might only get the mac of the downstream router that sent you the packet.
"You never know the MAC or ARP address of the remote device not directly on your network."
No shit really??? You earn the captain obvious badge of the day ;) heheeheh
Here I turned on arpwatch on my wan interface by mistake yesterday for a few minutes... You can see all the foreign to my network on that interface that arpwatch reports on, it lists them as bogon because they are not in the network space of the interface its listening on.
You will notice that mac it gives matches up to my isp cable modem which is what I see my gateway mac as.. 2nd attachment is the arp table from pfsense.
edit: pretty slick, I installed ssmtp on pfsense and now I am getting emails from arpwatch.. Has the hostname, has the mac and even gives me the vendor, etc. See 3rd attached
outsidenetwork.png
outsidenetwork.png_thumb
ispdevice.png
ispdevice.png_thumb
emailnotification.png
emailnotification.png_thumb