Scanning Your Local Network for Connected Devices Using NMAP
Have you ever wanted to see what devices are connected to your network? Or perhaps you’ve set up a new device but are unsure of its hostname or IP address. Well, you can find all devices connected to your local network by using the network mapper command-line tool nmap.
The first step is to find out your local address range:
- On Mac or Linux open up a terminal and type:
ifconfig
This should give you a list of the addresses of all interfaces on your local machine. Look for wlan or something similar if connected to wi-fi, or eth<num> or enp<num>s<num> if connected via Ethernet. In my case it’s the enp10s0 block I want to look at because I’m connected via Ethernet.
enp10s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.13 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 2644:3d19:a970:3d0:ad22:577a:3006:b540 prefixlen 64 scopeid 0x0<global>
inet6 2644:3d19:a970:3d0::b67d prefixlen 128 scopeid 0x0<global>
inet6 fe80::62fd:cf35:d198:d993 prefixlen 64 scopeid 0x20<link>
inet6 2644:3d19:a970:3d0:c0d1:df09:9547:e842 prefixlen 64 scopeid 0x0<global>
ether 71:86:c3:50:70:80 txqueuelen 1000 (Ethernet)
RX packets 12648968 bytes 11759474140 (11.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9634151 bytes 5991988274 (5.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The line we’re interested in is:
inet 10.0.0.13 netmask 255.255.255.0 broadcast 10.0.0.255
This shows that I’m on the 24-bit block private IPv4 address range: 10.0.0.0 – 10.255.255.255.
We also want to look at the netmask field. In my case, the network mask is 255.255.255.0 which is /24 using CIDR notation. (255.255.255.0 is 11111111.11111111.11111111.00000000 in binary notation, so the /24 comes from the number of ‘on’ or ‘1’ bits in the netmask.)
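The netmask-to-CIDR step described above, as an added shell example (not from the original post): it counts the 1 bits in a dotted-decimal netmask, rejects masks whose 1 bits are not contiguous, and ANDs the address with the mask to get the network/prefix target for nmap. The function names mask_to_prefix and inet_to_cidr are made up for this example, and it assumes the Linux ifconfig format shown above (dotted-decimal netmask).

```shell
#!/bin/sh
# Added example: turn an ifconfig "inet" line into the network/prefix for nmap.

# mask_to_prefix 255.255.255.0 -> 24; fails on a malformed or non-contiguous mask
mask_to_prefix() (
    set -f; IFS=.
    set -- $1                      # split the mask into octets
    [ $# -eq 4 ] || return 1
    prefix=0 seen_zero=0
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        bit=128
        while [ "$bit" -ge 1 ]; do
            if [ $((octet & bit)) -ne 0 ]; then
                # a 1 bit after a 0 bit: not a valid netmask
                [ "$seen_zero" -eq 0 ] || return 1
                prefix=$((prefix + 1))
            else
                seen_zero=1
            fi
            bit=$((bit / 2))
        done
    done
    echo "$prefix"
)

# inet_to_cidr "inet 10.0.0.13 netmask 255.255.255.0 ..." -> 10.0.0.0/24
inet_to_cidr() (
    set -f
    set -- $1                      # split the line on whitespace
    [ "$1" = inet ] && [ "$3" = netmask ] || return 1
    addr=$2 mask=$4
    prefix=$(mask_to_prefix "$mask") || return 1
    IFS=.
    set -- $addr $mask             # $1-$4 address octets, $5-$8 mask octets
    [ $# -eq 8 ] || return 1
    for o in "$1" "$2" "$3" "$4"; do
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    # network address = address AND mask, octet by octet
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
)

# Constructed sample: the inet line from the ifconfig output above.
sample='inet 10.0.0.13 netmask 255.255.255.0 broadcast 10.0.0.255'
target=$(inet_to_cidr "$sample") && echo "nmap -sn $target"
```

The same functions work for masks that do not fall on an octet boundary, where reading the range off by eye is easy to get wrong.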
With this information, we can now scan our network for connected devices using nmap. Make sure nmap is installed:
- Debian-based Linux:
sudo apt install nmap
Using the information gathered from ifconfig, I would run the following command (change it to suit your own network information):
nmap -sn 10.0.0.0/24
You should see something similar to the following:
Starting Nmap 7.60 ( https://nmap.org ) at 2019-09-17 16:21 CDT
Nmap scan report for Gateway.isp.provider.net (10.0.0.1)
Host is up (0.0039s latency).
Nmap scan report for ubuntu-box.isp.provider.net (10.0.0.12)
Host is up (0.00014s latency).
Nmap scan report for raspberrypi.isp.provider.net (10.0.0.16)
Host is up (0.00042s latency).
Nmap scan report for Google-Home-Mini.isp.provider.net (10.0.0.28)
Host is up (0.011s latency).
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.51 seconds
So there it is: all the devices currently up and connected to your local network. It’s important to note that your local machine’s DNS server will not always be able to resolve the host names. Often you will only see the IP addresses of the connected devices. But hey, that’s likely what you were looking for anyway.
Thanks for Reading! --- @avcourt