How to view all devices on your network with nmap …

Do you think you know what is connected to your home network? You would be surprised. Learn how to use nmap on Linux to explore all the devices connected to your network.

You may think that your home network is quite simple, and there is nothing more to learn at a deeper level. You may be right, but you are likely to learn something you did not know.

With the proliferation of Internet of Things (IoT) devices, mobile devices such as phones and tablets, and the smart home revolution, in addition to "normal" network devices such as broadband routers, laptops and desktops, this could be a revelation.

If you need it, install nmap

We will use the nmap command. Depending on what other software packages you have installed on your computer, nmap may already be installed.

If you don't have it, then this is how it is installed on Ubuntu.

sudo apt-get install nmap

This is how it is installed in Fedora.

sudo dnf install nmap

Installation in Manjaro.

sudo pacman -Syu nmap

On other Linux distributions, you can install it using the package manager for your specific distribution.

Find your IP address

The first task is to find out the IP address of your computer. There is a minimum and maximum IP address that your network can use; this is the range of IP addresses for your network. You have to provide IP addresses or a range of IP addresses to nmap, so you need to know what those values are.

Conveniently, Linux provides a command called ip, which has an option called addr (address). Type ip, a space, addr, and press Enter.

ip addr

In the lower section of the output, you will find your IP address. It is preceded by the "inet" tag.

Take an example: the IP address of the computer is "192.168.4.25". The "/24" that follows it in the output means that there are three consecutive sets of eight 1s in the subnet mask (and 3 x 8 = 24).

In binary, the subnet mask is: 11111111.11111111.11111111.00000000. And in decimal numbers it is: 255.255.255.0.

The subnet mask and IP address are used to indicate which part of the IP address identifies the network and which part identifies the device. This subnet mask informs the hardware that the first three numbers of the IP address will identify the network and the last part identifies the individual devices.

And because the largest number you can have in an 8-bit binary number is 255, the range of IP addresses for this network will be 192.168.4.0 to 192.168.4.255.

All of this is encapsulated in the "/24". Fortunately, nmap works with that notation, so you have what you need to start using nmap.
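The calculation described above, as an added example that is not part of the original article: it reads the "inet" entry from ip addr output and derives the subnet mask, the first and last address, and the target to give to nmap. It also works for prefixes other than /24. The sample ip addr lines and the interface name enp0s3 are constructed for illustration.

```shell
# Added example (not from the original article): turn the "inet" entry that
# `ip addr` prints into the subnet mask, address range and nmap target.

# Constructed sample of the relevant `ip addr` lines (interface name assumed).
sample_ip_addr() {
cat <<'EOF'
    inet 127.0.0.1/8 scope host lo
    inet 192.168.4.25/24 brd 192.168.4.255 scope global dynamic enp0s3
EOF
}

# Print the first non-loopback IPv4 address/prefix found on stdin.
first_inet() {
    awk '$1 == "inet" && $2 !~ /^127\./ { print $2; exit }'
}

ip_to_int() {   # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# cidr_info ADDR/PREFIX -> "MASK FIRST LAST TARGET"
cidr_info() {
    prefix=${1#*/}
    # PREFIX leading one-bits, the rest zero: /24 -> 255.255.255.0
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    # Network part: address AND mask. Last address: host bits all set.
    net=$(( $(ip_to_int "${1%/*}") & mask ))
    last=$(( net | (mask ^ 0xFFFFFFFF) ))
    echo "$(int_to_ip "$mask") $(int_to_ip "$net") $(int_to_ip "$last") $(int_to_ip "$net")/$prefix"
}

# Mask, first address, last address, and the target to pass to nmap.
cidr_info "$(sample_ip_addr | first_inet)"
```

On a real machine, pipe the output of ip addr into first_inet instead of the constructed sample.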

Start with nmap

nmap is a network mapping tool. It works by sending several network messages to the IP addresses in the range you provide. You can deduce a lot about the device you are testing by judging and interpreting the type of responses you get.

Start a simple scan with nmap. Use the -sn option (no port scan). This tells nmap not to test the ports on the devices for now. It will make a light and fast scan.

Even so, it may take a little while to run nmap. Of course, the more devices you have on the network, the longer it will take. It first does all of its probing and reconnaissance work, and then presents its findings once that first phase is completed. Do not be surprised when nothing visible happens for a minute or so.

The IP address you are going to use is the one you get using the ip command, but the final number is set to zero. That is the first possible IP address on this network. The "/24" tells nmap to scan the entire range of this network.

The parameter "192.168.4.0/24" is translated as "start at IP address 192.168.4.0 and work directly through all IP addresses up to 192.168.4.255 inclusive".

Keep in mind that we are using sudo.

sudo nmap -sn 192.168.4.0/24

After a short wait, the output is written in the terminal window.

You must ensure that nmap collects all the information that it can

You can run this analysis without using sudo, but using "sudo" ensures that you can extract as much information as possible. Without sudo, this scan would not return the manufacturer's information, for example.

The advantage of using the -sn option, in addition to being a fast and light scan, is that it gives you an ordered list of live IP addresses. In other words, you have a list of the devices connected to the network, along with their IP address. And where possible, nmap has identified the manufacturer. That is not bad for the first attempt.

Perform a deeper scan

If you remove the -sn option, nmap will also try to probe the ports on the devices. Ports are numbered endpoints for network connections. For example, imagine an apartment block. All apartments have the same address (the equivalent of the IP address), but each apartment has its own number (the equivalent of the port).

Each program or service within a device has a port number, and network traffic is delivered to an IP address and a port, not just to an IP address. Some port numbers are pre-assigned or reserved.

They are always used to transport network traffic of a specific type. Port 22, for example, is reserved for SSH connections and port 80 is reserved for HTTP web traffic.

Now, use nmap to scan the ports on each device and it will tell you which ones are open.

Type in the terminal:

nmap 192.168.4.0/24

This time you get a more detailed summary of each device. It tells you that there are 13 active devices on the network. The number of devices may vary as you run these scans. It is probably due to mobile devices arriving and leaving the premises, or the switching on and off of equipment.

Also, keep in mind that when you turn on a device that has been turned off, it may not have the same IP address as the last time it was in use. Although it might not be the reason for this.

As you scroll through the nmap report, look for anything you can't explain or that seems unusual. When you review the list, take note of the IP addresses of any device you wish to investigate further.

A hidden web server

The next thing to take a look at is HTTP port 80 on a printer. Again, take the IP address from the nmap results and paste it into the address bar of your browser. You do not need to provide the port; the browser defaults to port 80.

So, the printer has a built-in web server. Now you can see the number of pages that have passed through the printer, the level of toner and other useful or interesting information.

You can use a different command

Now change tactics. Another command that is useful for pinning down the identity of the devices in your network is arp, which is used to work with the Address Resolution Protocol table on your computer. It is used to translate from an IP address (or network name) to a MAC address.

If arp is not installed on your computer, you can install it this way:

In Ubuntu, use apt-get:

sudo apt-get install net-tools

In Fedora use dnf:

sudo dnf install net-tools

Use pacman in Manjaro:

sudo pacman -Syu net-tools

To get a list of the devices and their network names, if they have been assigned one, simply type arp and press Enter.

The output gives you two means of cross-referencing it with the nmap output. Because the MAC addresses of the devices are listed, you can check the nmap output to further identify the devices.

In addition, because you can use a machine name with ping and ping displays the underlying IP address, you can cross-reference the names of the machines with the IP addresses by pinging each name in turn.

For example, ping Nostromo.local and find out what its IP address is. Note that machine names are not case sensitive.

ping nostromo.local

You must use Ctrl+C to stop the ping.

Now check the ping output

The output shows you that its IP address is 192.168.4.15. And that is the device that appeared in the first nmap scan with Liteon as manufacturer.

The Liteon company manufactures computer components that are used by many computer manufacturers. In this case, it is a Liteon Wi-Fi card inside an Asus laptop. So, as you noted earlier, the name of the manufacturer that nmap returns is just its best guess. How would nmap know that the Liteon Wi-Fi card was installed in an Asus laptop?

And finally, the MAC address of the device manufactured by Elitegroup Computer Systems matches the one in the arp list for the device that has been called LibreELEC.local.

This is an Intel NUC that runs the LibreELEC media player. So, this NUC has a motherboard from the Elitegroup Computer Systems company. And with that, all the devices are accounted for and all the mysteries are solved.
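The MAC-address cross-reference described above, as an added example that is not part of the original article: it joins saved nmap -sn output with the arp table so that every live IP address gets a machine name, and any device without one is flagged for follow-up. The MAC addresses, the addresses 192.168.4.22 and 192.168.4.31, and the interface name are constructed sample values.

```shell
# Added example (not from the original article): join `nmap -sn` output with
# the `arp` table on MAC address, so every live IP gets a name or a flag.

# Constructed sample of `sudo nmap -sn 192.168.4.0/24` output (MACs made up).
sample_nmap() {
cat <<'EOF'
Nmap scan report for 192.168.4.15
Host is up (0.0040s latency).
MAC Address: 02:00:00:AA:00:15 (Liteon Technology)
Nmap scan report for 192.168.4.22
Host is up (0.0021s latency).
MAC Address: 02:00:00:AA:00:22 (Elitegroup Computer Systems)
Nmap scan report for 192.168.4.31
Host is up (0.0100s latency).
MAC Address: 02:00:00:AA:00:31 (Unknown)
EOF
}

# Constructed sample of `arp` output for the same network.
sample_arp() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
Nostromo.local           ether   02:00:00:aa:00:15   C                     enp0s3
LibreELEC.local          ether   02:00:00:aa:00:22   C                     enp0s3
EOF
}

# cross_reference NMAP_FILE ARP_FILE -> "IP MAC NAME [VENDOR]" per live host.
cross_reference() {
    awk '
        FILENAME == ARGV[1] {            # arp table: remember name per MAC
            if ($2 == "ether") name[toupper($3)] = $1
            next
        }
        /^Nmap scan report for/ { ip = $NF; gsub(/[()]/, "", ip) }
        /^MAC Address:/ {
            mac = toupper($3)            # nmap prints upper case, arp lower
            vendor = $0
            sub(/^[^(]*\(/, "", vendor); sub(/\)$/, "", vendor)
            who = (mac in name) ? name[mac] : "UNNAMED"
            printf "%s %s %s [%s]\n", ip, mac, who, vendor
        }
    ' "$2" "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
sample_nmap > "$tmp/nmap.txt"; sample_arp > "$tmp/arp.txt"
cross_reference "$tmp/nmap.txt" "$tmp/arp.txt"
```

Lines marked UNNAMED are the devices to investigate further, since they answered the scan but have no name in the arp table.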

All devices accounted for

You have verified that there are no unexplained devices in your network. You can also use other techniques to investigate your network. You can do it out of interest, to satisfy your inner geek, or to make sure that everything connected to your network has the right to be there.