NMAP, discover devices on the (same) network

There are different tools that can discover devices connected to the same network.

The simplest one is netdiscover.

Let’s check our subnet first. Type


to discover our IP address and therefore our subnet.

Let’s say that our IP address is

Our subnet is 192.168.1, so all the other devices connected to the same subnet are in the following range <== it means from to

To discover all the other devices connected to the same subnet using netdiscover, type:

netdiscover -r

The result will show you the list of all devices connected:

Currently scanning: Finished! | Screen View: Unique Hosts
33 Captured ARP Req/Rep packets, from 12 hosts. Total size: 2094

IP At MAC Address   Count  Len   MAC Vendor / Hostname
e4:8f:34:37:ba:04   20     1200  Vodafone Italia S.p.A.
3c:22:fb:b8:8c:c6   1      60    Apple, Inc.
5a:92:d0:37:82:da   1      60    Unknown vendor
c8:6c:3d:96:65:96   1      174   Amazon Technologies Inc.
74:d4:23:c0:e4:88   2      120   Unknown vendor
7c:8b:ca:1b:d8:31   1      60    TP-LINK TECHNOLOGIES CO.,LTD.
20:f4:78:1c:ed:dc   1      60    Xiaomi Communications Co Ltd
7c:8b:ca:1b:d8:31   1      60    TP-LINK TECHNOLOGIES CO.,LTD.
80:35:c1:52:d8:e3   1      60    Xiaomi Communications Co Ltd
38:1f:8d:ed:70:d2   1      60    Tuya Smart Inc.
80:0c:f9:a2:b0:5e   1      60    Amazon Technologies Inc.
b8:27:eb:26:8c:04   2      120   Raspberry Pi Foundation

The netdiscover tool shows the IP address, the MAC address and the vendor of each device.
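As an added example (not part of the original post), the Python script below parses netdiscover-style rows, groups them by MAC address and compares them with an inventory of devices you already know, which is how such a scan is typically used to spot unexpected hosts on your own network. The IP addresses in the sample are constructed, and the KNOWN inventory and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample in netdiscover's table layout; the IP addresses are made up.
SAMPLE = """\
 192.168.1.1     e4:8f:34:37:ba:04     20    1200  Vodafone Italia S.p.A.
 192.168.1.20    5a:92:d0:37:82:da      1      60  Unknown vendor
 192.168.1.31    7c:8b:ca:1b:d8:31      1      60  TP-LINK TECHNOLOGIES CO.,LTD.
 192.168.1.32    7c:8b:ca:1b:d8:31      1      60  TP-LINK TECHNOLOGIES CO.,LTD.
 192.168.1.40    74:d4:23:c0:e4:88      2     120  Unknown vendor
"""

# Hypothetical inventory of MAC addresses you already know and trust.
KNOWN = {"e4:8f:34:37:ba:04", "7c:8b:ca:1b:d8:31"}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"\s+(\d+)\s+(\d+)\s+(.+?)\s*$", re.I)

def parse(text):
    """Group rows by MAC: {mac: {"ips": [...], "vendor": str}}."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator or status line
        ip, mac, _count, _length, vendor = m.groups()
        entry = hosts.setdefault(mac.lower(), {"ips": [], "vendor": vendor})
        entry["ips"].append(ip)
    return hosts

def locally_administered(mac):
    """True when bit 0x02 of the first octet is set (address is not vendor-assigned)."""
    return bool(int(mac[:2], 16) & 0x02)

def review(hosts, known):
    """Return {mac: [notes]} for every host that deserves a second look."""
    findings = {}
    for mac, info in hosts.items():
        checks = [(mac not in known, "not in inventory"),
                  (locally_administered(mac), "locally administered MAC"),
                  (len(info["ips"]) > 1, "answers for several IPs")]
        notes = [text for hit, text in checks if hit]
        if notes:
            findings[mac] = notes
    return findings

if __name__ == "__main__":
    for mac, notes in review(parse(SAMPLE), KNOWN).items():
        print(mac, "->", ", ".join(notes))
```

A locally administered MAC (often a randomized "private" Wi-Fi address on phones and laptops) has no vendor prefix to look up, which is one reason a device can show up as "Unknown vendor".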

A more powerful tool is nmap.

nmap stands for Network MAPping. Like netdiscover, it can find devices on your network, but it shows more information than netdiscover, such as open ports, services, OS version, …

The graphical interface for nmap is Zenmap.

With Zenmap you can choose graphically which nmap command to use.

For instance, Zenmap lets you choose between different types of scan, and it basically translates your choice into an nmap command.

For instance, if you choose the “Quick scan plus” option, it will execute the command

nmap -sV -T4 -O -F --version-light

With nmap you can scan a single website, or several, to check the ports and services they expose.

For instance, to check Google’s open ports and services you can type

nmap google.com

Detect a firewall

sudo nmap -sA <ipaddress>

To identify hostnames

sudo nmap -sL <ipaddress>

We use the “-sL” option to find the hostnames of the given hosts by completing a DNS query for each one.