So just to update for visibility to the forum - Trendy recommended the following script as it is more strict and should point only the lan host which is using the mac of the router, if any.
tcpdump -i br-lan -evn '(ether src host THE_MAC_HERE) and (not src host 192.168.78.1) and (src net 192.168.78.0/24)'
I've let the script run for around 4 hours but unfortunately it didn't pick up any results at all.
Any other suggestions would be most welcome!
Thanks again