That's something to be careful with - anyone who pulled a stunt like that on my
network would get the plug pulled on their connection in a heartbeat, and not just because it happens to be the first step of several DoS attacks. It's also not the most reliable method:
- A machine's arp cache is only of finite size, so you can only capture so many addresses
- Since every machine will be answering all at once, there's a very good chance that some of the replies will just get dropped
- Any machines that are behind a router, will simply appear with the routers mac address if the router even passes the packet at all.
The approach of running a prog on each station that reports back the mac to a central server is probably the most reliable and network-friendly way to go.