18

I've attached a Raspberry Pi running Ubuntu to my home network with a cable. It is booted up and connected to the network. The Pi has no keyboard, mouse, or monitor. If I know the IP address that was assigned to the robot, they could ssh into it.

It turns out that RasPis have a known OUI {Organizationally Unique Identifier} to their MAC addresses. All of their MAC addresses start with b8:27:eb. So if I could get a list of all the MAC addresses on my network I would be golden.

But...

```
arp -a | grep "b8:27:eb"
```

Should do it. Except that arp -a does not produce an exhaustive and up to date list. Any ideas on how I could get an up to date list of MAC addresses on computers on the network, or get the IP address of a newly attached Raspberry Pi?

Thanks!

Jeff Schaller
pitosalas
  • Does it not have ports where you can connect a keyboard, mouse, and monitor? – Nasir Riley Sep 09 '20 at 15:43
  • 3
    The board has them but the users for whom I am writing the instructions will not have those. – pitosalas Sep 09 '20 at 16:02
  • You can know the MAC address of a pi before it starts if you assign it one when you prepare the micro-SD card. You add `smsc95xx.macaddr=hh:hh:hh:hh:hh:hh` to the end of the /boot/cmdline.txt file. I find this useful to quickly tell my Pis apart. – Michael Harvey Sep 10 '20 at 18:47
  • The easiest way to achieve that is from the device that controls your home network, i.e., your home router. It indeed has a list of MAC and IP addresses of the devices in the network. Regardless, if you'd know the complete MAC you usually can simply derive the IPv6 from it as IPv6 doesn't use DHCP (by default). – ljrk Sep 11 '20 at 08:44
  • Not an answer: but this just appeared in my blog roll: https://www.raspberrypi.org/blog/what-the-blink-is-my-ip-address/ – DaveShaw Sep 11 '20 at 15:57

7 Answers

23

Assuming not too large a network range you can force the ARP table to be populated before you look through it. These examples are for a typical home network on 192.168.1.0-255

```
nmap -sn 192.168.1.0/24          # Ping scan
arp -na | grep 'at b8:27:eb:'    # Match the RPi devices
```

Otherwise, you could look for devices with an open SSH port,

```
nmap -oG - -p 22 192.168.1.0/24 | grep /open/
```

Or look at your router's DHCP assignment table to see what addresses it has recently allocated.

roaima
  • 7
    In my home network the second command worked and took only about 30 seconds. It produced two IP addresses, one of which was correct. I have to quickly go find out which is the other one :) – pitosalas Sep 09 '20 at 16:05
  • This is the approach I used the last time when I needed to find out the address of the IPMI interface of a newly plugged-in server. – iBug Sep 10 '20 at 12:20
  • 5
    This answer understands that the ARP table only gets filled with things you've attempted to communicate with. The `nmap` tries to contact every IP address, which fills the ARP table - a nice solution. That said, personally, I look in my router's DHCP tables to find my Pis – Ralph Bolton Sep 10 '20 at 20:05
  • @RalphBolton yes, I would, too. – roaima Sep 10 '20 at 20:06
8

This is an indirect but sufficient answer. I realized that if I know the hostname for the Raspberry Pi then I can use ssh [email protected]. That worked.

pitosalas
  • 1
    If there is a DNS record then why not just find the address with `nslookup` or `dig`? – Nasir Riley Sep 09 '20 at 16:31
  • 6
    @NasirRiley There probably is no DNS record, the host itself responds to a mDNS query, as evidenced by the `.local` name. – Johan Myréen Sep 09 '20 at 18:32
  • @JohanMyréen No matter. If he can SSH into the machine then he can get the address that way. – Nasir Riley Sep 09 '20 at 19:50
  • I use the same to ssh to my pi. However, I am wondering what happens when there are 2 rpi in the same network with the same hostname. – Manos Kounelakis Sep 10 '20 at 06:28
  • 2
    @NasirRiley `local` is the domain name used for Zeroconf, which is a domain name system without central resolver. Most modern Linux distributions come with it preinstalled, just as Raspberry Pi OS does. – rexkogitans Sep 10 '20 at 10:59
  • You all seem to know about .local. I have found it to be "unreliable". I put quotes because all I can tell is that sometimes it doesn't seem to work. Not necessarily in a cli but maybe when used (via an env variable) in code. With that vague impression, can anyone estimate what might be happening? – pitosalas Sep 10 '20 at 11:49
  • @rexkogitans I understand that. Like I said, if it can be resolved, no matter the method, he can get the IP address just by SSHing into the machine. That's enough to do what he wants. He can go ahead and accept his own answer. – Nasir Riley Sep 10 '20 at 12:38
  • 1
    @ManosKounelakis Two hosts with the same name in the same network make a lot of trouble. If this were the case, you had to rename one of them. – rexkogitans Sep 10 '20 at 12:40
  • For this to work, your local router needs to support mDNS - glad it worked for you, but it won't work for everyone. Even those with a suitable router may have set their DNS servers to some common Internet services, thus by-passing the router. Even though the router knows the Pi, and has a name assigned for it, lookups have to go there to find this information. – Ralph Bolton Sep 10 '20 at 20:07
  • 1
    @RalphBolton no, zeroconf doesn't work like that - there's no requirement for a central manager such as the router. Each host broadcasts its name and services periodically, and each other host collects that information ready for users' enquiries – roaima Sep 10 '20 at 21:08
  • But @roaima I have noticed that .local is not always reliable... Don't know why that is... – pitosalas Sep 10 '20 at 21:11
  • @RalphBolton No, any router should support this. The only networking requirement for mDNS is for [local subnetwork multicast](https://en.wikipedia.org/wiki/Multicast_address#IPv4). Since this is implemented by the ethernet switch (not the router) you're unlikely to find a router that doesn't support it (See here: https://en.wikipedia.org/wiki/Multicast_address#ethernet) – Philip Couling Sep 11 '20 at 15:02
5

Disclaimer: I am the author of this tool.

Try this tool, written for this exact purpose. It currently runs on Windows. It listens to traffic on the network and lists hosts that come up, such as your raspberry pi. It performs lookup in the IEEE OUI to detect the manufacturer.

https://github.com/jwalthour/passiveAggressor


3

You can know the MAC address of a pi before it starts if you assign it one when you prepare the micro-SD card. You add

```
smsc95xx.macaddr=hh:hh:hh:hh:hh:hh
```

(hh are hex bytes) to the end of the /boot/cmdline.txt file. I find this useful to quickly tell my Pis apart. Doing this overrides the default behaviour at boot time.

AdminBee
2

According to the official documentation here

You could try pinging raspberrypi.local or just raspberrypi from a computer connected in the same network and grab the IP address from the ping response.

```
ping raspberrypi.local
```

or, if you want the IPv4 address:

```
ping -4 raspberrypi.local
```
roaima
Dhushyanth
  • I'd suggest that a useful enhancement would be for the RPi to do a broadcast ping when it starts up, limited to say ten counts. That would make sure that as many systems as possible had a reference to it in their ARP cache, which could be consulted by users who didn't have privileged access to the DHCP server. – Mark Morgan Lloyd Sep 10 '20 at 07:25
  • Actually I have been having confusion on the difference between ARP and DHCP. Can you point me to some resources from where I can learn? – Dhushyanth Sep 10 '20 at 07:32
  • @MarkMorganLloyd Imagine if you had 1000 PIs and they all booted at once? – Neil Sep 10 '20 at 07:53
  • @Neil So? That's a few thousand ICMP and ARP messages on a LAN, which is minimal overhead compared with the DHCP handshaking. – Mark Morgan Lloyd Sep 10 '20 at 08:13
  • 1
    @Dhushyanth Wikipedia is always a good starting point, but in 500 chars ARP is a low-level protocol by which host A can ask the other local hosts which one will respond to host B's IP address (it uses a MAC broadcast). DHCP is a somewhat higher-level protocol by which host A says "I don't have an IP address yet, can the local DHCP server please give me one" (it uses UDP on top of IP). Every host supporting IP implicitly responds to ARP requests, DHCP requests are normally broadcast and are responded to by a dedicated DHCP server which in domestic kit will usually be in an ADSL router etc. HTH – Mark Morgan Lloyd Sep 10 '20 at 08:21
1

You can use a tool called arp-scan. It performs the scan by sending ARP requests for the scanned IPs. To scan your subnet run:

```
arp-scan -lI eth0
```

while of course substituting your interface. It may require superuser privileges to run. The tool also uses an OUI database to show you the OUI associated with the MAC addresses which responded; quite often it also detects duplicate IPs.

jaskij
0

Assuming that all Pis have MAC addresses that start with b8:27:eb is a bit erroneous. My (limited) home network has Pi MAC prefixes of not only b8:27:eb:... but also dc:a6:32:... and 7e:9e:a0:... (A Pi4 and Pi3b(+?)).

In any event, I use either nmap or arp-scan to find new system IPs. I also have an /etc/crontab @reboot sleep 60 script that just does an ifconfig.

This

  1. gives me the current IP(s) and
  2. alerts me if a reboot has occurred.

This assumes that the resulting cronjob email is delivered to you.

AdminBee
dave58
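
The answers above grep the ARP table for one prefix; the following is an added example, not code from any of the posters, that generalizes the filter to several prefixes and to both `arp -na` and `ip neigh` output. The function names, the sample lines and the choice of the two default prefixes (`b8:27:eb` and `dc:a6:32`, both quoted on this page) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from any answer): list "IP MAC" pairs from ARP-table
# text whose MAC starts with a wanted vendor prefix.
# Default prefixes are the two Raspberry Pi ones quoted on this page.
PI_OUIS="b8:27:eb dc:a6:32"

# match_oui [prefix ...]  reads `arp -na` or `ip neigh` lines on stdin.
match_oui() {
    [ "$#" -gt 0 ] || set -- $PI_OUIS
    awk -v ouis="$*" '
    BEGIN { n = split(tolower(ouis), want, " ") }
    {
        ip = ""; mac = ""
        for (i = 1; i <= NF; i++) {
            f = tolower($i)
            if (f ~ /^\(?[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)?$/) {
                gsub(/[()]/, "", f); ip = f
            } else if (split(f, o, ":") == 6) {
                # Rebuild the MAC, zero-padding octets (BSD arp prints b8:27:eb:a:b:c)
                m = ""
                for (k = 1; k <= 6; k++) {
                    if (o[k] !~ /^[0-9a-f][0-9a-f]?$/) { m = ""; break }
                    if (length(o[k]) == 1) o[k] = "0" o[k]
                    m = m (k > 1 ? ":" : "") o[k]
                }
                if (m != "") mac = m
            }
        }
        if (ip == "" || mac == "") next      # skips <incomplete> entries
        for (j = 1; j <= n; j++)
            if (index(mac, want[j]) == 1) { print ip, mac; break }
    }'
}

# Constructed sample input (not captured from a real network).
sample_arp() {
    cat <<'EOF'
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.23) at B8:27:EB:12:34:56 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
? (192.168.1.57) at dc:a6:32:a:b:c on en0 ifscope [ethernet]
192.168.1.77 dev eth0 lladdr b8:27:eb:aa:bb:cc STALE
EOF
}

sample_arp | match_oui
```

On a live network, run it as `arp -na | match_oui` after the `nmap -sn` sweep from the first answer has populated the ARP table.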