Introduction
Whether you’re a network administrator, a tech-savvy homeowner, or just curious about the devices connected to your local network, knowing how to scan and identify those devices is a valuable skill. In this comprehensive guide, we’ll explore different methods and tools for scanning your local network, uncovering connected devices, and improving your overall network management and security.
Understanding Your Local Network
A local network, or Local Area Network (LAN), is a collection of devices connected within a specific geographical area. These devices could include computers, smartphones, printers, and IoT devices. Local networks allow for data sharing, communication, and collaboration among the connected devices.
Why Scan Your Local Network?
Scanning your local network can serve various purposes, such as:
- Identifying connected devices for inventory and management
- Detecting unauthorized devices for security reasons
- Troubleshooting network issues by revealing connectivity problems
- Mapping your network topology for better understanding and organization
Scanning Methods and Tools
There are several methods and tools available for scanning local networks. Some of the most popular ones include:
- Ping Sweeps: A simple method to check if a device is online by sending ICMP echo requests to IP addresses within a specified range.
- ARP Scans: Utilize the Address Resolution Protocol (ARP) to identify devices by querying their MAC addresses.
- Network Scanners: Tools like Nmap, Advanced IP Scanner, and Angry IP Scanner offer advanced scanning features, such as port scanning and OS fingerprinting.
In this article we will go over local network discovery using the ‘ip’ and ‘nmap’ tools. First, use ‘ip route’ to find the subnet your machine is on:
ip route
default via 10.0.0.1 dev wlp1s0 proto dhcp metric 600
10.0.0.0/24 dev wlp1s0 proto kernel scope link src 10.0.0.21 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
The second line of the output shows our subnet in CIDR notation, ‘10.0.0.0/24’ (a 24-bit prefix, i.e. subnet mask 255.255.255.0). This means all devices in this network are assigned IPs in the range ‘10.0.0.1-254’.
‘nmap’ understands this CIDR notation, and you can pass exactly that as a parameter:
nmap 10.0.0.0/24
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-14 11:21 EST
Nmap scan report for _gateway (10.0.0.1)
Host is up (0.0068s latency).
Not shown: 994 closed ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
548/tcp open afp
5000/tcp open upnp
8200/tcp open trivnet1
49152/tcp open unknown
Nmap scan report for 10.0.0.2
Host is up (0.0098s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
8008/tcp open http
8009/tcp open ajp13
8443/tcp open https-alt
9000/tcp open cslistener
9080/tcp open glrpc
Nmap scan report for 10.0.0.6
Host is up (0.0029s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
8080/tcp open http-proxy
Nmap scan report for 10.0.0.8
Host is up (0.013s latency).
All 1000 scanned ports on 10.0.0.8 are closed
Nmap scan report for 10.0.0.9
Host is up (0.016s latency).
All 1000 scanned ports on 10.0.0.9 are closed
Nmap scan report for 10.0.0.12
Host is up (0.013s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
8008/tcp open http
8009/tcp open ajp13
8443/tcp open https-alt
9000/tcp open cslistener
10001/tcp open scp-config
Nmap scan report for 10.0.0.13
Host is up (0.0067s latency).
All 1000 scanned ports on 10.0.0.13 are closed
Nmap scan report for 10.0.0.17
Host is up (0.026s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
8080/tcp open http-proxy
Nmap scan report for fedora (10.0.0.21)
Host is up (0.00026s latency).
All 1000 scanned ports on fedora (10.0.0.21) are closed
Nmap scan report for 10.0.0.25
Host is up (0.011s latency).
All 1000 scanned ports on 10.0.0.25 are closed
Nmap scan report for 10.0.0.32
Host is up (0.0050s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
62078/tcp open iphone-sync
Nmap done: 256 IP addresses (10 hosts up) scanned in 46.90 seconds
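Next, an ARP scan with ‘arp-scan’ on the same interface lists the IP address, MAC address, and vendor of each device that answers:
sudo arp-scan -I wlp1s0 -l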
Interface: wlp1s0, type: EN10MB, MAC: 9c:b6:d0:21:e3:b9, IPv4: 10.0.0.21
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
10.0.0.1 3c:37:86:4d:03:4b NETGEAR
10.0.0.6 00:17:88:67:98:4e Philips Lighting BV
10.0.0.3 4c:24:98:3a:17:88 Texas Instruments
10.0.0.10 d0:c5:d3:61:b8:88 AzureWave Technology Inc.
10.0.0.8 58:70:c6:01:f3:75 Shanghai Xiaoyi Technology Co., Ltd.
10.0.0.9 fc:49:2d:e4:1b:49 Amazon Technologies Inc.
10.0.0.4 d0:c5:d3:1c:83:55 AzureWave Technology Inc.
10.0.0.25 94:be:46:11:c7:46 (Unknown)
10.0.0.12 d4:f5:47:15:69:2d Google, Inc.
10.0.0.28 42:9c:77:6b:69:41 (Unknown: locally administered)
10.0.0.34 40:16:3b:e1:1f:8c Samsung Electronics Co.,Ltd
10.0.0.28 42:9c:77:6b:69:41 (Unknown: locally administered) (DUP: 2)
10.0.0.34 40:16:3b:e1:1f:8c Samsung Electronics Co.,Ltd (DUP: 2)
10.0.0.13 18:b4:30:e5:15:6e Nest Labs Inc.
10.0.0.2 00:04:4b:54:15:68 NVIDIA
10.0.0.13 18:b4:30:e5:15:6e Nest Labs Inc. (DUP: 2)
10.0.0.2 00:04:4b:54:15:68 NVIDIA (DUP: 2)
10.0.0.11 88:de:a9:18:42:e9 Roku, Inc.
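For the "detecting unauthorized devices" use case, the arp-scan output above can be compared against a list of devices you expect to see. The following is an added example, not part of the original article; the KNOWN inventory and the function names are hypothetical.

```python
import re

# One result line: IP, MAC, vendor text (tabs or spaces between the fields).
LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(.*)$", re.I)
DUP = re.compile(r"\s*\(DUP: \d+\)$")  # marker arp-scan appends to repeated replies

def parse_arp_scan(text):
    """Return {mac: (ip, vendor)}; repeated (DUP) replies collapse to one entry."""
    devices = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # banner lines do not start with an IP address and are skipped
            ip, mac, vendor = m.groups()
            devices.setdefault(mac.lower(), (ip, DUP.sub("", vendor)))
    return devices

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (address not from a vendor block)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(text, known):
    """List (ip, mac, vendor, note) for each device missing from the inventory."""
    findings = []
    for mac, (ip, vendor) in parse_arp_scan(text).items():
        if mac in known:
            continue
        note = ("locally administered MAC, no vendor to check"
                if is_locally_administered(mac) else "not in inventory")
        findings.append((ip, mac, vendor, note))
    return sorted(findings, key=lambda f: [int(p) for p in f[0].split(".")])

# Sample input: lines taken from the arp-scan output above.
SAMPLE = """\
Interface: wlp1s0, type: EN10MB, MAC: 9c:b6:d0:21:e3:b9, IPv4: 10.0.0.21
10.0.0.1 3c:37:86:4d:03:4b NETGEAR
10.0.0.25 94:be:46:11:c7:46 (Unknown)
10.0.0.28 42:9c:77:6b:69:41 (Unknown: locally administered)
10.0.0.28 42:9c:77:6b:69:41 (Unknown: locally administered) (DUP: 2)
10.0.0.11 88:de:a9:18:42:e9 Roku, Inc.
"""
# Hypothetical inventory of approved devices, keyed by lowercase MAC.
KNOWN = {"3c:37:86:4d:03:4b": "router", "88:de:a9:18:42:e9": "TV"}

if __name__ == "__main__":
    for ip, mac, vendor, note in audit(SAMPLE, KNOWN):
        print(f"{ip:<10} {mac}  {vendor}  [{note}]")
```

Locally administered addresses are typically randomized or software-assigned, so a device reported that way has to be identified by some means other than its MAC.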
Scanning your local network for devices is an essential skill for effective network management and security. By familiarizing yourself with various scanning methods and tools, you can easily identify and document connected devices, troubleshoot issues, and maintain a secure network environment. Don’t forget to scan your network regularly to keep it in optimal shape and to protect against potential threats.