nmap Discovery Using A Port Number

I’m sure you’ve been there before. You connect a network tool to your network, it gets assigned an IP address via DHCP and now you need to connect to it.

I’ve been through this dance before and have used many techniques to determine the IP address of the device. Here are some examples of what worked;

• Pinging the name of the device

• Capture packets and look for a DHCP Discover packet

• Run a IP scanning utility

• Look for the device MAC address in the DHCP table

If you’re really lucky, the vendor uses a default static IP address and you can simply look for that. Unfortunately that same static IP address can pose an issue when you ship equipment to remote sites.

Over the years, I have found nmap to be the easiest way to find a device when it is listening on a specific port number. The command I used is nmap –p portnumber ipaddress/mask –open for example to find a device using port number 3000 on subnet 10.44.10.0/24 would be nmap –p 3000 10.44.10.0/24 –open

You can find nmap at https://nmap.org/