I am often on one computer in my house and I would like to SSH to another one, but often don't know the IP address of the one I want to connect to. Is there a way, from the command line, to scan the local network so I can find the computer I want to connect to?
- If you don't know which computers are connected to **your house**'s network, I think you might have a problem... – Massimo Apr 05 '12 at 08:31
- ...and how do you know you're sshing into the right one? Time to sort out your ip addresses / name lookups. – symcbean Apr 05 '12 at 09:00
- In defense of Andrew: yes, it's desirable to set unchanging IPs in the DHCP lease, and to have local names. However, consider the real-world case where I just carried a headless Ubuntu PC into the office and hooked it up. For the first connection, I wanted to find the IP without carrying a keyboard and monitor over to it. To symcbean's question, it was easy to know the correct PC based on the MAC address decoding (automatically done by nmap/Zenmap) to the motherboard manufacturer, and the operating system used. Sometimes you don't know the IP and need to find it. – Phrogz Nov 12 '15 at 18:27
- > but often don't know the IP address of the one I want to connect to

  Isn't this what DNS was invented for? – Chris McKeown Apr 05 '12 at 07:37
6 Answers
From the command line you could use:
```
sudo nmap -sS -p 22 192.168.10.0/24
```
Substitute for the local address space on your network. I sometimes use this when I plug in a headless Raspberry Pi and want to find where to ssh to.
- Exactly one of the use-cases that led me to ask this question. Thanks! – Andrew Nov 14 '15 at 20:27
- +1 Also using for Raspberry Pi but: `sudo nmap -sS -p 22 192.168.10.0/24` – Gtx Feb 14 '16 at 18:21
Use "nmap" - this will tell you which hosts are up on a network, and indeed which have port 22 open. You could combine it with a few other tools (like grep) to produce more targeted output if need be.
Note: do this only on YOUR network. Running up nmap or its equivalents on someone else's network is considered bad form.
```
sudo nmap -p 22 192.168.0.0/24
```

- http://www.bluebitter.de/portscn2.htm Use BluePortScan if you want a more simple thing than nmap – Gk. Apr 05 '12 at 07:16
```
nmap -p 22 --open -sV 192.168.178.0/24
```

- How is this different than the other answers? How do we know that is my local network? – chicks Feb 16 '18 at 22:13
- It does not require `sudo` and can be used with Android NetworkMapper – Vadym Tyemirov Jul 17 '18 at 15:05
- I prefer this answer. The addition of `--open` removed a lot of crud from the output and actually showed me the machine I was looking for. – Duncan Jones Oct 27 '18 at 06:11
You can manually telnet each IP at port 22.
If successful you should see the OpenSSH version string.
The process of checking each IP in the subnet can be done by means of the 'for' directive.

I would advise against checking port 22 only. Not all SSH servers use port 22 by default. For instance, OpenSSH in Termux on my Android phone uses port 8022.
Instead, use nmap's powerful version detection feature, and check all ports:
```
% nmap -sV 192.168.68.0/24 | grep -wE '(scan report|ssh)'
Nmap scan report for 192.168.68.1
22/tcp open ssh Dropbear sshd (protocol 2.0)
Nmap scan report for 192.168.68.100
22/tcp open ssh Dropbear sshd 2015.67 (protocol 2.0)
Nmap scan report for 192.168.68.101
Nmap scan report for 192.168.68.103
Nmap scan report for 192.168.68.105
8022/tcp open ssh OpenSSH 9.1 (protocol 2.0)
```
Also, it's a common tactic among sysadmins to change services like SSH to a weird high port in an attempt to hide it. Although that doesn't really apply in your situation, since you probably administer your own LAN machines.

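The grep in the answer above also prints a "scan report" line for hosts that have no SSH service (192.168.68.101 and 192.168.68.103 in its sample). As an added example, not part of the original answer, the awk filter below pairs each host header with its open ssh lines and prints only hosts that run SSH, one per line as address, port and version. The function names `ssh_hosts` and `sample_scan` are made up here, and the sample input is the output quoted above.

```shell
#!/bin/sh
# Added example: reduce "nmap -sV" output to the hosts that expose SSH.
# Reads normal (human-readable) nmap output on stdin and prints
# address<TAB>port<TAB>version for every open ssh service found.
ssh_hosts() {
    awk '
        # Remember the most recent host header. nmap prints either
        #   Nmap scan report for 192.168.68.1
        # or
        #   Nmap scan report for name (192.168.68.1)
        /^Nmap scan report for / {
            host = $NF
            gsub(/[()]/, "", host)
            next
        }
        # Port lines look like: 8022/tcp open ssh OpenSSH 9.1 (protocol 2.0)
        # Hosts without such a line produce no output at all.
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" && $3 == "ssh" {
            split($1, p, "/")
            ver = ""
            for (i = 4; i <= NF; i++) ver = ver (i > 4 ? " " : "") $i
            printf "%s\t%s\t%s\n", host, p[1], ver
        }
    '
}

# Sample input: the scan output shown in the answer above.
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.68.1
22/tcp open ssh Dropbear sshd (protocol 2.0)
Nmap scan report for 192.168.68.100
22/tcp open ssh Dropbear sshd 2015.67 (protocol 2.0)
Nmap scan report for 192.168.68.101
Nmap scan report for 192.168.68.103
Nmap scan report for 192.168.68.105
8022/tcp open ssh OpenSSH 9.1 (protocol 2.0)
EOF
}

sample_scan | ssh_hosts
```

On a live network the same filter goes on the end of the scan: `nmap -sV 192.168.68.0/24 | ssh_hosts`.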
If you just want the hostnames/IPs and don't want the other info:
```
sudo nmap -sS -p 22 192.168.1.0/24 | grep report
```
