There have been a number of times when having got my Raspberry Pi all set up and ready to take time-lapse photographs, or just when I think I have finished configuring it as a music player, the moment I tuck it away on a window sill or somewhere behind the hi-fi I discover I need to connect to it from my laptop to modify something, only to find I don’t know or can’t remember the IP address.
I could log in to the router (or whatever box was acting as my DHCP server) and list all the current DHCP leases, but I generally find that it is quicker just to scan the network and see what is connected using ‘nmap’.
Note – While using ‘nmap’ to scan your own home network is unlikely to upset anyone, scanning someone else’s network without their explicit permission is generally considered unfriendly and could get you into trouble.
If this handy tool isn’t installed then you will have to install it using ‘apt’ which requires you to be running as a super user.
Then you need to update the current package list and install any updates before installing ‘nmap’ using ‘apt’. (Updating your system before installing a new package can help avoid problems with dependencies on out of date packages breaking the install later).
Using NMAP to find your Raspberry Pi
You could do a ping scan but your Raspberry Pi may be set up to block ICMP ping requests, and it can take a while to scan a whole subnet. So I just use ‘nmap’ to perform a reverse DNS lookup for every address in the subnet – obviously you need to make sure you use the right network address (see below).
There is a lot of unwanted output so it helps if you know the name of your machine so you can filter out the unwanted text.
The longer command below may take a while to enter unless you are using cut and paste but it has the advantage of using the ‘hostname’ command to get the IP address of your machine so it will automatically do the reverse lookups using the correct range of addresses (assuming you have a class C subnet). I then use ‘grep’ to remove any results that don’t match the first octet of the local subnet, so the output includes all machines on my local subnet that are known to the DNS server.
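The reverse-lookup approach described above, written out as an added example (it is not the article's original command). It assumes a Linux ‘hostname’ that supports ‘-I’ and a /24 subnet, and it filters with ‘awk’ rather than ‘grep’; the function names and the sample host names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the article's own commands.

# Print the /24 network for a dotted-quad address (class C assumed, as in
# the article). Fails on anything that is not four octets in 0-255.
subnet_of() {
    ip=$1
    case $ip in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.0/24\n' "$1" "$2" "$3"
}

# Read 'nmap -sL' output on stdin and keep only addresses that have a
# reverse-DNS name, printed as "<ip> <name>". Unnamed addresses have five
# fields on the report line, named ones have six.
named_hosts() {
    awk '/^Nmap scan report for / && NF == 6 {
        gsub(/[()]/, "", $6); print $6, $5 }'
}

# Constructed sample of list-scan output (host names are made up).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.1.0
Nmap scan report for router.lan (192.168.1.1)
Nmap scan report for 192.168.1.2
Nmap scan report for raspberrypi.lan (192.168.1.42)
Nmap done: 256 IP addresses (0 hosts up) scanned in 2.50 seconds
EOF
}

# Live version: take this machine's first address, derive the subnet and
# list-scan it. 'nmap -sL' only does reverse lookups; it sends no probes
# to the listed hosts.
find_named_hosts() {
    addr=$(hostname -I | awk '{print $1}')
    net=$(subnet_of "$addr") || return 1
    nmap -sL "$net" | named_hosts
}
```

Call ‘find_named_hosts’ on your own network, or ‘sample_scan | named_hosts’ to see the filtering offline. A Pi whose name is not known to the DNS server will not appear in the output.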
You can also use ‘nmap’ to try to obtain a bit more information about any machine on your network, in this case not a lot as this particular Raspberry Pi is configured as a secure ftp server.
However, you can still see which ftp server it is running and the version number, which is information that an attacker could use to identify any vulnerabilities in the system. You can also see that all the unused ports are being filtered, which indicates that there is a firewall rule in place to deny access to any port not explicitly allowed.
Note – The command above will try to scan every single port, and can be expected to take a while to finish.
Raspberry Pi is a trademark of the Raspberry Pi Foundation