How To: Find Local Network Devices

Today’s article will be a bit of a weird one, as I share with you one way to find local network devices using the Linux terminal. I suppose network device discovery is typically seen as a dark art, something a malicious hacker might do, but it’s completely harmless (in and of itself). So, if you want to find local network devices, this article just might be for you!

What we’ll actually be doing is scanning a block of IP addresses to see what responds to our prodding. This is sometimes called IP Scanning or IP Sweeping. It’s also sometimes called Port Scanning, but we won’t be doing any real port scanning. I assure you, I am not secretly trying to turn you into a big bad hacker – but this is a pretty neat ‘hack’ (in the traditional sense of the word).

We will be learning just a single command (with a bit of explanation) with a single flag. It’s a very complicated tool and trying to cover it all would take a giant article or many smaller articles. You can guess which one we’re going to do!

The tool we’re going to use for this is called ‘nmap’. This is available in every major distro. It might be installed by default. It’s just the tool for the task at hand, so you need to install it before you can use it as this article will suggest. (I trust you to know how to do so at this point.)

Did you install nmap? If so, please continue. If not, read the last paragraph.

With nmap installed, you can check the man page to see that it’s described as:

nmap – Network exploration tool and security / port scanner

Now you’re ready…

Find Local Network Devices:

Picture this…

So, for some reason, one of my laptops has stopped answering on the .local domain when I want to connect to it with SSH. I have choices at this point. I could fire up Team Viewer and then connect to the laptop to find the IP address belonging to the said laptop. Another choice would be to get off my lazy butt and walk to the device, but that defeats the point of remotely controlling the device.

I suppose the best choice would be to just figure out why it’s stopped responding on the .local domain. Wouldn’t that be novel?

But, I have another tool! I have a tool that’s reasonably fast, very easy, and likely effective! That tool is, as suggested earlier, nmap.

The first thing I do is crack open a terminal to find my local IP address. That’s easy enough and the link will show you how to find your private (or local) IP address. Though it needn’t be private. Security by obscurity is not security – and it’s trivial to learn. But, that’s an article for another day.

I was able to quickly learn that my local IP address is 192.168.215.88. From this, I realize that the most common configuration will be for everyone to be on the same subnet and so my laptop likely falls within the 192.168.215.1 to 192.168.215.255 range.

We can use the asterisk to represent any of those numbers, as it’s a wildcard. This means the next command is obvious and will be simply:

The -sn flag would mean ‘do not do a port scan’, so it’s checking only for devices that return a ping. Make sense? (It’s a pretty speedy command when not also scanning ports.)

A Picture Of nmap:

I think that this is one of those instances where my text isn’t quite clear enough. So, what I’m going to do is show you a picture. 

The nmap command I ran showed me a list of local network devices. As I already know the IP address of the device I’m using, I can exclude that from the list. The device I’m looking for (my laptop) is then a different IP address.

The process looks something like this (trimmed down to just have one device for simplicity’s sake):

using nmap to find local network devices
As I know my device’s IP address, I can exclude that from the list of possible IP addresses.

As you can see, I first tried to connect with the .local domain and found that it did not work. So, I ran the nmap command and used a wildcard to scan the entire IP address range (1 to 255).

Sure enough, the IP sweep with nmap found another device and showed the IP address. It showed the gateway, which I could also exclude. The process of elimination meant there was one IP address to try (it could have contained more devices). I tried to use SSH with that IP address and, sure enough, that’s my laptop!

See? I saved a trip across the room! I saved opening up a bulky application and waiting for it to do its thing before I could even try using it to connect to the laptop. In fact, I suppose I also saved the effort I could have spent just randomly guessing IP addresses and hoping I got the right one for my laptop eventually!

Closure:

I figure there’s a lesson in nmap in there somewhere. You never know when you’re going to need to find local network devices! Now, when you do need to do so you will know how.

I figured I’d try writing this one in a way that showed you how I benefit from knowing how to do this. I figured that it’d be interesting to show you how the command solves a real problem. There have been a few articles similar to this and they’re fun articles to write. They are articles that come from the real me, the me that is actively using and appreciating Linux (often in the terminal) in my day-to-day life.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Scan A Remote Host For Open Ports

In today’s article, we’re going to learn another way to scan a remote host for open ports. It’s actually going to be an easy article to follow, suitable even for beginners. Read on, I promise it’s not all that complicated! We can make this pretty simple.

There are a couple of reasons why you’d want to scan for open ports. You may want to know what ports you have open, or you may be interested in penetrating a remote host and want to know what ports are open (and things like what services are running on them).

This may seem  a little familiar. We recently used the ‘nc’ command to check if a specific port is open. You can (and should) read that article (it goes into describing ports, so it’s worth reading as I don’t want to duplicate the work) here:

How To: Check If A Specific Port Is Open

Again, if you’re not all that familiar with ports, you should read that article. It explains them in more detail.

The tool we’re going to use is ‘nmap‘, a familiar tool that’s used by security professionals, but can be used for our purposes just fine. It’s not all that daunting, which is why I feel even a beginner can learn to scan a remote host for open ports.

Installing nmap:

Alas, nmap is seldom installed by default. As such, you’ll need to install it. We’ll do that in the terminal. If you need to open a terminal, just press CTRL + ALT + T and your default terminal should open.

So, let’s get nmap installed:

Fedora/Derivatives:
Debian/Ubuntu:
RHEL/CentOS:

I know those should work, but nmap will certainly be in most default repositories. You should be able to install it with your package manager. Once you have nmap installed, you can check the man page to see how nmap describes itself:

There, you’ll see:

nmap – Network exploration tool and security / port scanner

Which, as you can guess, is a pretty good description. You’ll also notice that there are a whole lot of options. It’s a pretty complicated command. Don’t worry, we’ll make it easy for our goal, which is too…

Scan A Remote Host For Open Ports:

You should have an open terminal from the previous section. You’ll need that. While there are graphical tools for scanning for open ports, nmap is not one of them. You use nmap in the terminal, like so many of the great Linux applications.

So, then let’s start with the basics. If you want to scan a remote host for open ports, your best starting point will be:

For example, you could use Linux-Tips.us as a test:

Or you can use a computer on the same network via the hostname or IP address. That’d look like:

However, that command won’t actually scan all the possible ports. It only scans the 1000 most common ports, which is usually what you’re after. You can scan the entire range of ports if you want. That’d look like:

If you want, you can actually scan for a specific port to see if that port is open on the remote host. That’s a bit more complicated, but not much. Try a command that looks like this:

To try to make that more clear, see the following example to check to see if the default SSH port is open:

I’ve even made you an example image of the above commands:

a number of nmap commands being used to scan a remote host for open ports
As you can see, it’s pretty easy to use nmap to scan a remote host for open ports.

See? While nmap may seem daunting when you first check the man page, it’s pretty easy to use nmap to scan a remote host for open ports. It’s even easy enough for a newbie to use!

Closure:

Well, that’s another article. I have yet to run out of notes and I have yet to run out of ideas for articles. So, there are likely to be even more articles written. Eventually, I’m sure to run out – or need a break. But, for now, you have an article that tells you how to scan a remote host for open ports. It’s even easy enough for a beginner.

The nmap application is one of the first tools you’ll learn when you decide to learn about network security. If you want to probe a site for security holes, it’s important to know which doors are open and available for you to explore. Well, that’s where tools like nmap come into play and this article will get you started.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.