When I use arping to send an ARP request (I know a sleeping iPhone doesn't reply to ICMP ping) to sleeping iPhones/Androids (meaning they are on but the screen is dark) connected to the same Wi-Fi, the iPhone replies to me like this:
ARPING 10.109.201.139
Timeout
Timeout
Timeout
42 bytes from e0:ac:cb:b0:22:5b (10.109.201.139): index=0 time=20.201 msec
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
Timeout
42 bytes from e0:ac:cb:b0:22:5b (10.109.201.139): index=1 time=65.401 msec
Timeout
But occasionally the iPhone replies continually, and sometimes it doesn't answer the arping at all. Android answers like so:
ARPING 10.109.201.119
Timeout
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=0 time=78.345 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=1 time=148.228 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=2 time=217.777 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=3 time=84.933 msec
Timeout
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=4 time=174.140 msec
42 bytes from c0:ee:fb:01:f4:fd (10.109.201.119): index=5 time=78.559 msec
It seems Android is more responsive. So what is the strategy of iPhone/Android for responding to ARP requests (this post may be related)? Could home-grade routers be related to this?
Actually, I'm writing an ARP scanner with libpcap (I can provide the Go code if that helps), so how can I detect as many phones as possible?
PS: I know this question is kind of off-topic, but it really bothers me where I should put this question. Super User doesn't allow questions about phones, and Ask Different isn't right either, as this question is not only about Apple hardware or software. I put it on Network Engineering, but it was put on hold as off-topic.
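The intermittent replies in the captures above suggest a scanner design point: probe each address several times and treat a host as present if it answers in any round, rather than marking it absent after one timeout. The following Go block is an added example, not the asker's scanner code or any project's code. It encodes the 42-byte Ethernet+ARP request frame arping sends (14-byte Ethernet header plus 28-byte ARP payload), parses captured ARP replies, and aggregates replies across probe rounds. The wire I/O (injecting the request and reading frames from the libpcap handle) is left out; the functions take and return raw frames as byte slices so they can be wired into any capture loop. The sample capture reuses the two MAC/IP pairs from the question as constructed data, with an assumed scanner address of 02:00:00:00:00:01 / 10.109.201.2; the round pattern (iPhone answering one round in five, Android four) is also constructed to mimic the observed behaviour, not real traffic.

```go
package main

import (
	"encoding/binary"
	"errors"
	"net"
)

// Wire constants for ARP over Ethernet (RFC 826); 14-byte Ethernet header + 28-byte ARP payload = 42.
const (
	etherTypeARP = 0x0806
	arpOpRequest = 1
	arpOpReply   = 2
	frameLen     = 42
)

// buildARP encodes one Ethernet+ARP frame (hardware type Ethernet, protocol type IPv4).
func buildARP(op uint16, dstMAC, senderMAC, targetMAC net.HardwareAddr, senderIP, targetIP net.IP) ([]byte, error) {
	s4, t4 := senderIP.To4(), targetIP.To4()
	if s4 == nil || t4 == nil || len(dstMAC) != 6 || len(senderMAC) != 6 || len(targetMAC) != 6 {
		return nil, errors.New("ARP over Ethernet needs 6-byte MACs and IPv4 addresses")
	}
	f := make([]byte, frameLen)
	copy(f[0:6], dstMAC)
	copy(f[6:12], senderMAC)
	binary.BigEndian.PutUint16(f[12:14], etherTypeARP)
	a := f[14:]
	binary.BigEndian.PutUint16(a[0:2], 1)      // hardware type: Ethernet
	binary.BigEndian.PutUint16(a[2:4], 0x0800) // protocol type: IPv4
	a[4], a[5] = 6, 4                          // hardware / protocol address lengths
	binary.BigEndian.PutUint16(a[6:8], op)
	copy(a[8:14], senderMAC)
	copy(a[14:18], s4)
	copy(a[18:24], targetMAC)
	copy(a[24:28], t4)
	return f, nil
}

// BuildARPRequest is the "who has targetIP? tell srcIP" frame a scanner broadcasts (target MAC field zero).
func BuildARPRequest(srcMAC net.HardwareAddr, srcIP, targetIP net.IP) ([]byte, error) {
	broadcast := net.HardwareAddr{0xff, 0xff, 0xff, 0xff, 0xff, 0xff}
	return buildARP(arpOpRequest, broadcast, srcMAC, make(net.HardwareAddr, 6), srcIP, targetIP)
}

// ParseARPReply returns the sender MAC and IP of an ARP reply; requests, non-ARP, non-IPv4 and truncated frames are rejected.
func ParseARPReply(frame []byte) (net.HardwareAddr, net.IP, bool) {
	if len(frame) < frameLen || binary.BigEndian.Uint16(frame[12:14]) != etherTypeARP {
		return nil, nil, false
	}
	a := frame[14:frameLen]
	if binary.BigEndian.Uint16(a[0:2]) != 1 || binary.BigEndian.Uint16(a[2:4]) != 0x0800 ||
		a[4] != 6 || a[5] != 4 || binary.BigEndian.Uint16(a[6:8]) != arpOpReply {
		return nil, nil, false
	}
	mac, ip := make(net.HardwareAddr, 6), make(net.IP, 4)
	copy(mac, a[8:14])
	copy(ip, a[14:18])
	return mac, ip, true
}

// Host is one discovered device: the IP it answered for and how many probe rounds it answered in.
type Host struct {
	IP      string
	Replies int
}

// Aggregate folds frames captured per probe round into a table keyed by MAC; present = answered at least once.
func Aggregate(rounds [][][]byte) map[string]Host {
	seen := map[string]Host{}
	for _, frames := range rounds {
		answered := map[string]bool{} // several answers in one round count once
		for _, f := range frames {
			mac, ip, ok := ParseARPReply(f)
			if !ok || answered[mac.String()] {
				continue
			}
			answered[mac.String()] = true
			h := seen[mac.String()]
			h.IP, h.Replies = ip.String(), h.Replies+1
			seen[mac.String()] = h
		}
	}
	return seen
}

// SampleCapture is a constructed five-round capture (not real traffic) mimicking the question:
// the iPhone answers one round in five, the Android four; the scanner address is assumed.
func SampleCapture() [][][]byte {
	scannerMAC, _ := net.ParseMAC("02:00:00:00:00:01")
	scannerIP := net.ParseIP("10.109.201.2")
	iphoneMAC, _ := net.ParseMAC("e0:ac:cb:b0:22:5b")
	androidMAC, _ := net.ParseMAC("c0:ee:fb:01:f4:fd")
	iphone, _ := buildARP(arpOpReply, scannerMAC, iphoneMAC, scannerMAC, net.ParseIP("10.109.201.139"), scannerIP)
	android, _ := buildARP(arpOpReply, scannerMAC, androidMAC, scannerMAC, net.ParseIP("10.109.201.119"), scannerIP)
	return [][][]byte{{}, {iphone, android}, {android}, {android}, {android}}
}
```

Running Aggregate(SampleCapture()) lists both phones, with the iPhone at 1 of 5 rounds and the Android at 4 of 5; a scanner that gave up after the first silent round would have missed both. The per-round reply count is worth reporting alongside presence, since it separates hosts that reliably answer from ones that only wake up occasionally.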