IP address tracer?

[Zilla707]

Is there a way that I can tell how many devices are connected to the same wifi as my pi, and then find out their ip addresses? Is there like a command line flag that will do this?

[wh7qq]

There may well be command line utilities that do this but I have found the device list on my router to be the best bet...mine lists the network name and IP of all connected devices and clicking on the name brings up the MAC address and in some cases, the mfgr. of the connected device (Asus RTN66/Merlin), This may be the easiest as it just comes up in a browser window.

[DougieLawson]

Use nmap.

sudo apt install nmap
sudo nmap

That last command will tell you the syntax to scan your whole network.

Or install Fing on your phone and use that.

[Zilla707]

nmap looks good, but there's so many commands and I can't seem to find one that does what I want. All I really need to know is the devices that are on the same wifi as my pi.

[trejan]

nmap looks good, but there's so many commands and I can't seem to find one that does what I want. All I really need to know is the devices that are on the same wifi as my pi.

nmap -sP 192.168.1.0/24

Adjust for your local network.

[dickon]

nmap looks good, but there's so many commands and I can't seem to find one that does what I want. All I really need to know is the devices that are on the same wifi as my pi.

The only device(s) on the network with that knowledge are the wifi AP(s), and even then, if you have multiple APs, they'll only know about the clients directly connected to them. nmap, or a broadcast ping (which is probably more useful), will tell you what machines are connected to your network, but that isn't the same thing.

If your Pi *is* the AP, then

Code: Select all

iw dev wlan0 station dump

will tell you which clients are connected to it, and a simple matching with arp will get your their respective IP addresses.

[HermannSW]

nmap -sP 192.168.1.0/24

Adjust for your local network.

That was old flag, I use always "nmap -sn".
From nmap man page:

In previous releases of Nmap, -sn was known as -sP.

Also:

Code: Select all

-sn (No port scan)
           This option tells Nmap not to do a port scan after host discovery,
           and only print out the available hosts that responded to the host
           discovery probes. ...

I played a bit, and while general determination of ipv4 number of bits set is difficult, determining number of bits set in netmask can be done with the help of "bash" and "sed" easily. The other tools required are "ifconfig" and "nmap", nice script:

Code: Select all

$ cat host_discovery 
#!/bin/bash
#
# scan local network IP addresses;  depends on bash, ifconfig, nmap and sed
#
brdc=`ifconfig | grep broadcast`
inet=`echo $brdc | sed "s/.*inet[ ]*\([^ ]*\)[ ]*netmask.*/\1/g"`
netm=`echo $brdc | sed "s/.*netmask[ ]*\([^ ]*\)[ ]*broadcast.*/\1/g"`
sed1="s/128/1/g;s/192/2/g;s/224/3/g;s/240/4/g"
sed2="s/248/5/g;s/252/6/g;s/254/7/g;s/255/8/g;s/\./+/g"
bits=$((`sed "$sed1;$sed2" < <(echo $netm)`))

sudo nmap -sn $inet/$bits
$ 

<EDIT>I prefixed "nmap" with "sudo" because of Zilla707's comment and my next comment</EDIT>

Here you can see a run in my local network (the Xs are edited):

Code: Select all

pi@raspberrypi4B:~ $ ./host_discovery 
Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-02 11:37 CET
Nmap scan report for fritz.box (192.168.178.1)
Host is up (0.0022s latency).
MAC Address: 44:4E:6D:01:XX:XX (AVM Audiovisuelles Marketing und Computersysteme GmbH)
Nmap scan report for XXX.fritz.box (192.168.178.2)
Host is up (0.0030s latency).
MAC Address: 0C:80:63:D7:XX:XX (Unknown)
Nmap scan report for XXXX.fritz.box (192.168.178.21)
Host is up (-0.030s latency).
MAC Address: 00:1F:3B:CF:XX:XX (Intel Corporate)
Nmap scan report for XXXXX.fritz.box (192.168.178.44)
Host is up (0.12s latency).
MAC Address: 5C:03:39:49:XX:XX (Huawei Technologies)
Nmap scan report for XXXXXX.fritz.box (192.168.178.56)
Host is up (0.16s latency).
MAC Address: 00:6B:8E:64:XX:XX (Shanghai Feixun Communication)
Nmap scan report for 192.168.178.97
Host is up (0.085s latency).
MAC Address: 9C:30:5B:51:XX:XX (Hon Hai Precision Ind.)
Nmap scan report for XXXXXXX.fritz.box (192.168.178.131)
Host is up (0.11s latency).
MAC Address: 40:B4:CD:B9:XX:XX (Amazon Technologies)
Nmap scan report for XXXXXXXX.fritz.box (192.168.178.149)
Host is up (-0.090s latency).
MAC Address: 34:CE:00:81:XX:XX (Xiaomi Electronics,co.)
Nmap scan report for yeelink-light-color1-miio56320630.fritz.box (192.168.178.154)
Host is up (0.14s latency).
MAC Address: 34:CE:00:81:XX:XX (Xiaomi Electronics,co.)
Nmap scan report for raspberrypi4B.fritz.box (192.168.178.178)
Host is up.
Nmap done: 256 IP addresses (10 hosts up) scanned in 9.56 seconds
pi@raspberrypi4B:~ $ 

[Zilla707]

Great, both of those worked. Thanks!

[EDIT]
I also found that using sudo in front of "nmap -sn 192.168.1.0/24" will give more devices and info. An example is some apple iPhones don't show up unless sudo is used.

[HermannSW]

[EDIT]
I also found that using sudo in front of "nmap -sn 192.168.1.0/24" will give more devices and info. An example is some apple iPhones don't show up unless sudo is used.

Thanks, I was not aware of that and found explanation:
https://security.stackexchange.com/ques ... sudo#74499

... with root privilege on an Ethernet LAN (like you are using, based on the IP addresses you listed), Nmap will send raw ARP packets and sniff for results. Responding to ARP requests is a prerequisite to IP communication on such a network, so it's nearly impossible to block or hide from this type of scan. ...

I did add "sudo" to my previous posting host_discovery script because of that, and added <EDIT> comment there.

I did run script with and without sudo, there is another difference when running with sudo (Xs are edited):

Code: Select all

pi@raspberrypi4B:~ $ grep MAC hd
pi@raspberrypi4B:~ $ grep MAC shd
MAC Address: 44:4E:6D:01:XX:XX (AVM Audiovisuelles Marketing und Computersysteme GmbH)
MAC Address: 0C:80:63:D7:XX:XX (Unknown)
MAC Address: 00:1F:3B:CF:XX:XX (Intel Corporate)
MAC Address: 5C:03:39:49:XX:XX (Huawei Technologies)
MAC Address: 00:6B:8E:64:XX:XX (Shanghai Feixun Communication)
MAC Address: 9C:30:5B:51:XX:XX (Hon Hai Precision Ind.)
MAC Address: 40:B4:CD:B9:XX:XX (Amazon Technologies)
MAC Address: 34:CE:00:81:XX:XX (Xiaomi Electronics,co.)
MAC Address: 34:CE:00:81:XX:XX (Xiaomi Electronics,co.)
pi@raspberrypi4B:~ $ 

There is no MAC address line for the computer you run host_discovery on (that computer is always listed last in the output).
I did run host_discovery on Ubuntu laptop and found that the mac address line company the Pi4 reports is "(unknown)" -- perhaps not correctly registered by RPF?

Code: Select all

Nmap scan report for raspberrypi4B.fritz.box (192.168.178.178)
Host is up (0.054s latency).
MAC Address: DC:A6:32:18:F9:F6 (Unknown)

P.S:
Pi4 is correctly registered, and latest version of nmap knows the new Pi prefix:
https://www.raspberrypi.org/forums/view ... 3#p1560475

Code: Select all

DCA632 Raspberry Pi Trading
B827EB Raspberry Pi Foundation

The Paspberry Pi 4 was announced 6/24/19.
But the nmap commit adding above entry was commited on 5/28:
https://github.com/nmap/nmap/blob/maste ... c-prefixes
Checkin comment "Update nmap-mac-prefixes from latest IEEE data".
So by monitoring either that nmap file one could have known that "something new will come" end of May (or by monitoring IEEE data even before)

[trejan]

nmap -sP 192.168.1.0/24

Adjust for your local network.

That was old flag, I use always "nmap -sn".
From nmap man page:

In previous releases of Nmap, -sn was known as -sP.

Oops. I'm still using a really old version where it was -sP. I didn't know it had changed.