Network Troubleshooting

If LAN Lens experiences slow discovery cycles, reveals fewer active devices than expected, or displays missing manufacturer names, it is typically governed by specific routing rules or router constraints in your current network. Use the blueprints below to diagnose these challenges.

1. Overcoming Active VPN Tunnel Conflicts

When you connect to an enterprise VPN (e.g., Cisco AnyConnect, NordVPN, WireGuard, Tailscale), the software creates a virtual network interface and modifies your operating system's routing tables.

By default, most VPN clients enforce **Force Tunneling** — directing 100% of all outbound network traffic through the remote VPN gateway. Because the VPN interface is isolated from your physical network adaptor, socket sweeps intended for your local router are redirected to the corporate office subnet or dropped completely, resulting in 0 local devices discovered.

Resolution: Configure Split Tunneling

To sweep your home subnet while remaining secure, open your VPN configuration settings and activate Split Tunneling or enable the switch labeled "Allow local network access". Alternatively, temporarily disconnect the VPN prior to executing sweeps.

2. Missing Device Names or Hostnames

If LAN Lens lists active IP and MAC addresses but leaves the "Hostname" field blank, it is because target devices are not replying to standard naming queries.

Common Naming Hurdles:

No DNS Records: Most home routers do not operate local DNS servers capable of binding custom DHCP leases to local domain hostnames.
Disabled NetBIOS/LLMNR: Modern operating systems (Windows 10/11 and macOS) disable legacy protocols like NetBIOS and Link-Local Multicast Name Resolution by default due to known security spoofing vectors.
Apple Sandbox Restrictions: iOS limits native sandboxed apps from performing reverse DNS queries on local sockets.

Resolution Blueprint:

Verify that devices are active on mDNS/Bonjour or UPnP/SSDP. LAN Lens will automatically pull names from Bonjour pointer advertisements (e.g., Apple-TV.local) or UPnP XML device description profiles to fill the gaps left by standard DNS lookups.

3. AP Client Isolation (Guest Networks)

If you execute a scan in a hotel, airport, or on a home router's guest SSID, you might discover only your own device and the primary gateway router.

This is caused by a security setting called **AP Client Isolation** (or WLAN Isolation). The access point's firmware blocks local client-to-client broadcasts and unicast sockets. Even though clients are associated with the same wireless radio, they are completely sandboxed from discovering or talking to each other.

Resolution Blueprint:

AP isolation cannot be bypassed from the client side, as it is enforced by the wireless hardware switch. To run audits, you must configure the router administration panel to disable client isolation, or switch your device connection to the primary, non-isolated Wi-Fi SSID.