
Network Scans with arp and nmap

Once in a while, I get around to running network scans to check which devices are on my network and which ports they have open. The proliferation of IoT devices in my home, combined with my router's lack of VLAN support, has made me increasingly uneasy of late.

There are two kinds of scans I often run:

MAC Address scans

All devices on my router have to be manually MAC-address whitelisted before they can connect to the internet or be reached internally. There is also a separate network interface for guests, who are barred from the private network.

arp is a handy command that lists the MAC addresses in the host's ARP cache, i.e. the devices on the local network that this machine has recently exchanged traffic with. I use it often for whitelisting and verifying devices.

$ arp -an
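As an added example (not code from the original post), here is a small POSIX shell script that compares the MAC addresses in `arp -an` output against a whitelist file and prints any device that is not on it. The whitelist format, the function names and the demo data are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check the hosts seen by `arp -an`
# against a MAC whitelist and report any device that is not on the list.
# Assumes the usual `arp -an` line format on Linux and macOS, for example:
#   ? (192.168.1.10) at aa:bb:cc:dd:ee:ff [ether] on eth0
# Canonicalise a MAC (lower-case, two hex digits per octet) so that the
# macOS form "0:1a:2b:3c:4d:5e" compares equal to "00:1A:2B:3C:4D:5E".
normalize_mac() {
  printf '%s\n' "$1" | awk -F: '{
    out = ""
    for (i = 1; i <= NF; i++) {
      o = tolower($i)
      if (length(o) == 1) o = "0" o
      if (i > 1) out = out ":"
      out = out o
    }
    print out
  }'
}

# Read `arp -an` output on stdin; $1 is a whitelist file with one MAC per
# line ('#' lines are comments). Prints "ip mac" for each non-whitelisted entry.
unknown_devices() {
  wl_norm=$(grep -v '^#' "$1" | while read -r m; do
    if [ -n "$m" ]; then normalize_mac "$m"; fi
  done)
  while read -r line; do
    ip=$(printf '%s\n' "$line" | sed -n 's/.*(\([0-9.]*\)).*/\1/p')
    mac=$(printf '%s\n' "$line" | sed -n 's/.* at \([0-9A-Fa-f:]*\) .*/\1/p')
    [ -n "$ip" ] && [ -n "$mac" ] || continue   # skips "<incomplete>" entries
    mac=$(normalize_mac "$mac")
    printf '%s\n' "$wl_norm" | grep -qxF -- "$mac" || printf '%s %s\n' "$ip" "$mac"
  done
}

# Constructed demo data (not real devices): two whitelisted MACs, one stranger
# and one incomplete ARP entry that must be ignored.
demo() {
  wlfile=$(mktemp)
  printf '# router\n00:11:22:33:44:55\nAA:BB:CC:DD:EE:01\n' > "$wlfile"
  printf '%s\n' \
    '? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]' \
    '? (192.168.1.20) at aa:bb:cc:dd:ee:01 [ether] on eth0' \
    '? (192.168.1.77) at de:ad:be:ef:00:42 [ether] on eth0' \
    '? (192.168.1.90) at <incomplete> on eth0' |
    unknown_devices "$wlfile"
  rm -f "$wlfile"
}
demo   # real use: arp -an | unknown_devices /path/to/whitelist.txt
```

Because the ARP cache only holds hosts this machine has recently exchanged traffic with, run it right after a subnet scan so the cache is populated.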

nmap network scan

nmap is much more versatile, but also more verbose, so I use it sparingly. I run it in two modes:

1. Network (subnet) scan

The following command SYN-scans (-sS) every host in the current /24 subnet, with OS detection (-O) enabled, and produces a report of all open ports. Both options need raw-socket access, hence sudo. The target is given in CIDR notation; replace <subnet> with the network part of your own address:

$ sudo nmap -v -O -sS <subnet>/24

2. Specific IP scan

For a much more detailed scan of a specific IP address, I want to see all its open ports, the services running on them and, where possible, the operating system as well. Replace <ip> with the address to inspect:

$ sudo nmap -v -O -A <ip>
  • -A enables OS detection, service/version detection, default script scanning and traceroute (so -O is already implied by it).
  • Combining this with -T4 allows for faster execution.