We are going to use nmap to scan the ports on each device and tells which ones are open. Port 22, for example, is reserved for SSH connections and port 80 is reserved for HTTP web traffic. They are always used to carry network traffic of a specific type. Some port numbers are preallocated, or reserved. Network traffic is delivered to an IP address and a port, not just to an IP address. All the apartments have the same street address (the equivalent of the IP address), but each apartment has its own number (the equivalent of the port).Įach program or service within a device has a port number. Ports are numbered endpoints for network connections on devices. If we remove the -sn option nmap will also try to probe the ports on the devices. There are a couple of devices marked as Unknown. But definitely, there should be more than one showing up. How many are connected to the network will always vary because they’re continually swapped in and out of duty as they get re-imaged and re-purposed. Liteon technology and Elitegroup Computer systems, for example. There are several devices with names that don’t mean anything to me all. It allows them to pester me at home more easily, so I’m well aware of that device. The Avaya device is a Voice Over IP phone that provides me with an extension on the telephone system at head office. There’s a couple of devices listed as manufactured by Dell. The only Samsung device I have is a laser printer, so that narrows that one down. The Amazon Technologies device will be my Echo Dot. Raspberry Pi Foundation is self-explanatory. What some of these devices are is clear to me. These are the ones we need to investigate further.
When you look through your results, you will likely see devices that you recognize. Or, as we shall see, we have what nmap has reported as the manufacturer, to the best of its ability. We know the manufacturer for some of them. There are 15 devices switched on and connected to the network. We’ve established a list of the connected network devices, so we know how many of them there are. And where possible, nmap has identified the manufacturer. In other words, we have a list of the devices connected to the network, together with their IP address. The advantage of using the -sn option-as well as being a quick and lightweight scan-is it gives you a neat list of the live IP addresses. Without sudo this scan would not return the manufacturer information, for example.
You can run this scan without using sudo, but using sudo ensures it can extract as much information as possible. sudo nmap -sn 192.168.4.0/24Īfter a short wait, the output is written to the terminal window.
The parameter “192.168.4.0/24” translates as “start at IP address 192.168.4.0 and work right through all IP addresses up to and including 192.168.4.255”. The “/24” tells nmap to scan the entire range of this network. That is the first possible IPAddress on this network. The IP address we’re going to use is the one we obtained using the ip command earlier, but the final number is set to zero. Don’t be surprised when nothing visible happens for a minute or so. It does all of its probing and reconnaissance work first and then presents its findings once the first phase is complete. Of course, the more devices you have on the network, the longer it will take. It will do a lightweight, quick scan.Įven so, it can take a little time for nmap to run. This tells nmap to not probe the ports on the devices for now. We’re going to use the -sn (scan no port) option. It can deduce a lot about the device it is probing by judging and interpreting the type of responses it gets. It works by sending various network messages to the IP addresses in the range we’re going to provide it with it. RELATED: How Do IP Addresses Work? Get Started with nmap Happily, nmap works with that notation, so we have what we need to start to use nmap. And because the largest number you can hold in an 8-bit binary number is 255, the IP address range for this network will be 192.168.4.0 through to 192.168.4.255.Īll of that is encapsulated in the “/24”. This subnet mask informs the hardware that the first three numbers of the IP address will identify the network and the last part of the IP address identifies the individual devices. The subnet mask and the IP address are used to indicate which part of the IP address identifies the network, and which part identifies the device. The “/24” means that there are three consecutive sets of eight 1’s in the subnet mask. The IP address of this computer is “192.168.4.25”. In the bottom section of the output, you will find your ip address. Handily, Linux provides a command called ip and it has an option called addr (address).