Inspecting a network with nmap

Johan Book
Nov 7, 2021

I often like to see what devices are on my home network, or run a server on one computer and access it from another. So in this article I will map my home network and look up the devices found. To follow along you need to know some basic Linux.

I will be using a tool called nmap to investigate the network. It takes one or several IP addresses and can run various scans on them. nmap can be installed via most system package managers. For example, it's sudo apt-get install nmap on Ubuntu.

In order to use nmap I first need to know what IP addresses to scan, meaning I want the address of my home network. I use ip addr to list the IP addresses of the various network interfaces on my computer. The ones I am interested in are typically either eth (connected via Ethernet cable) or wlp (connected via WiFi). Here are the lines I found interesting:

> ip addr

2: wlp0s20f3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.90/24 brd 192.168.1.255 scope global dynamic noprefixroute wlp0s20f3

It says that the IP address of my computer is 192.168.1.90/24. The trailing /24 is the subnet mask, which here says that the first three numbers (192.168.1) identify the network and the last number (90) designates different devices on the local network.

Now that we have the IP address and the subnet mask, we can put nmap to work. Since we only want to know what devices are running, we will perform a ping scan, meaning that we will ping each IP in the network and see if it responds, without doing any additional scans. We add the -sn option for a ping scan and the -oG option to store the output in a text file (in nmap's grepable format).

nmap -sn 192.168.1.90/24 -oG network_devices.txt

This prints the result to the shell, but we also have it in the network_devices.txt file, which contains:

# Nmap 7.92 scan initiated Sun Nov 7 15:36:36 2021 as: nmap -sn -oG network_devices.txt 192.168.1.90/24
Host: 192.168.1.1 (MyRouter.lan) Status: Up
Host: 192.168.1.50 (MyComputer.lan) Status: Up
Host: 192.168.1.60 (UnknownDevice.lan) Status: Up
# Nmap done at Sun Nov 7 15:36:38 2021 -- 256 IP addresses (5 hosts up) scanned in 2.34 seconds

I can see my router and my computer, but also some device that I do not know, so let's inspect it a bit further. I run nmap on this device with the -O flag to attempt to find its OS.

> sudo nmap -O 192.168.1.60

Device type: media device|general purpose
Running: Google Android 4.1.X, Linux 3.X|4.X
OS CPE: cpe:/o:google:android:4.1.1 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Android 4.1.1, Linux 3.2 - 4.9

This printed all the information nmap could deduce about the device, including open ports etc. From the OS we can also see that it was an Android device. This means that it was probably a phone that recently connected to the network.
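Spotting the device I did not know can be scripted by comparing the grepable file against a list of devices you already recognise. The script below is an added example, not part of the original article: the function names, the known.txt inventory format and the 192.168.1.77 sample line are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag hosts in an nmap -oG ping-scan
# file that are missing from a known-device inventory.

# Print "IP HOSTNAME" for every host the grepable file reports as Up.
up_hosts() {
  awk '$1 == "Host:" && $4 == "Status:" && $5 == "Up" {
         name = $3
         gsub(/[()]/, "", name)        # "(MyRouter.lan)" -> "MyRouter.lan"
         if (name == "") name = "-"    # nmap writes "()" when no name resolves
         print $2, name
       }' "$1"
}

# Print the Up hosts whose IP is not listed in the inventory file.
# Inventory format (an assumption of this example): one IP per line,
# optional "# comment" after it.
unknown_hosts() {
  up_hosts "$1" | awk -v inv="$2" '
    BEGIN {
      while ((getline line < inv) > 0) {
        sub(/#.*/, "", line)           # drop comments
        gsub(/[ \t\r]/, "", line)      # drop whitespace
        if (line != "") known[line] = 1
      }
    }
    !($1 in known)'
}

# Run both functions on constructed sample data based on the article output.
demo() {
  tmp=$(mktemp -d)
  cat > "$tmp/network_devices.txt" <<'EOF'
# Nmap 7.92 scan initiated Sun Nov 7 15:36:36 2021 as: nmap -sn -oG network_devices.txt 192.168.1.90/24
Host: 192.168.1.1 (MyRouter.lan) Status: Up
Host: 192.168.1.50 (MyComputer.lan) Status: Up
Host: 192.168.1.60 (UnknownDevice.lan) Status: Up
Host: 192.168.1.77 () Status: Up
EOF
  printf '%s\n' '192.168.1.1   # router' '192.168.1.50  # my computer' > "$tmp/known.txt"
  unknown_hosts "$tmp/network_devices.txt" "$tmp/known.txt"
  rm -rf "$tmp"
}

demo
```

An empty or missing inventory makes every live host show up as unknown, which is the safe default for a first run.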

Thanks for reading!

Johan Book

I am a frontend engineer who likes to dabble in philosophy, AI and IT security