Networking - Shared to other Computers - How to find a client's IP address?

The hardware is like this:

  • Laptop with internet access via WiFi. The router is practically inaccessible.
  • Headless Banana/Raspberry/Your-Favorite-Flavor Pi that needs an SD image and some additional packages.

So I get a temporary crossover cable between the Pi and the laptop, set up the laptop's Ethernet port as "Shared to other computers" (*), image the SD card, and boot the Pi. Now, what address does the Pi have so I can SSH into it?

I don't have to force a particular address, like this question wants. I just want to know what it is.


(*) Network Notification -> Edit Connections... -> Wired connection 1 -> Edit button -> IPv4 Settings tab -> Method = Shared to other computers


There are a couple of things you can do. Assuming you've got a single Ethernet connection going from the laptop to the Raspberry, arp-scan will suffice. First, figure out the name of your Ethernet interface. In my case that's eth3. Here's an example:

bash-4.3$ sudo arp-scan -I eth3 --localnet
[sudo] password for xieerqi: 
Interface: eth3, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
10.42.0.40  b8:27:eb:96:38:91   (Unknown)

1 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.459 seconds (175.46 hosts/sec). 1 responded

In the output you can see that my Raspberry has the IP address 10.42.0.40.

arp-scan is a very simple approach and doesn't require too much sweat. Alternative methods can be used too. Here are a few of them:

  • Knowing the network's first 3 octets (for example via the ip addr show eth3 command in my case), you could write a simple script that pings a range of hosts. (See below for a Python script that does that.)
  • fping is an alternative to the standard ping command that allows a range of hosts to be probed.
  • You can use nmap to perform host discovery with a variety of methods. In particular, this command: nmap -e eth3 -sn 10.42.0.0/24 would work best. It instructs nmap to only perform host discovery with the -sn option (which under the hood sends ARP requests to the broadcast MAC address), on the interface specified by the -e option. The 10.42.0.0/24 is CIDR notation for the network. Quite simple.
  • Wireshark can also be used to capture packets on your Ethernet interface. Of course, your Raspberry has to send out some packets in the first place for them to be captured, so it might not work if you don't have a "talkative" Raspberry. You can, however, start a capture, filter by UDP protocol, then unplug the Raspberry and plug it back in. You should see the DHCP request and response going to it.

  • Devices build their ARP table over time as hosts appear on and disappear from the network, so you could also use the arp -a command.

  • If you're using standard Ubuntu and didn't install any alternative DHCP servers, you can check the dnsmasq leases file to see which IP was assigned to your devices. For instance:

    bash-4.3$ cat /var/lib/misc/dnsmasq.leases 
    1479095355 b8:27:eb:96:38:91 10.42.0.40 localhost *
    

    See my related question here: DHCP lease for raspberry pi not found


The nmap and Wireshark approaches will be quite useful if you have an Ethernet switch with several devices attached to it.

Since I've mentioned scripting with ping, here's one:

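from subprocess import check_call, CalledProcessError, DEVNULL

network = '10.42.0.'
# Probe all 256 addresses of the /24 (0..255), one ICMP echo each
for num in range(256):
    addr = network + str(num)
    try:
        print('checking ' + addr)
        # -c 1: send one packet, -W 1: wait at most 1 second, -q: quiet
        check_call(['ping', '-c', '1', '-W', '1', '-q', addr],
                   stdout=DEVNULL)
    except CalledProcessError:
        # non-zero exit status: no reply from this address
        pass
        #print(addr + ' is down')
    else:
        print('>>> ' + addr + ' is up')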

This will ping a range of 256 addresses on my network (10.42.0.x) and indicate which of the hosts are up. The ping times out after 1 second, therefore it will take 256 seconds to scan everything. If you only have one Raspberry you can edit the script to quit as soon as an IP responds to ping, thus speeding up the process. You could also create a certain number of threads. arp-scan, however, still remains the faster alternative.
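
The lease-file check from the answer above can also be scripted. This is an added example, not part of the original answer: it parses dnsmasq.leases text, drops expired and malformed entries, and returns the addresses whose MAC carries the prefix seen in the answer's output. The field layout (expiry, MAC, IP, hostname, client-id), the prefix list and the function names are assumptions of this example.

```python
import ipaddress
import re
import time

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
# Assumption: match on the MAC prefix (OUI) seen in the answer's output.
PI_OUIS = ("b8:27:eb",)

# First line is from the answer; the other three are constructed.
SAMPLE = """\
1479095355 b8:27:eb:96:38:91 10.42.0.40 localhost *
1479090000 b8:27:eb:00:00:01 10.42.0.41 oldpi *
1479099999 00:11:22:33:44:55 10.42.0.77 * 01:00:11:22:33:44:55
duid 00:01:00:01:aa:bb:cc:dd:ee:ff:00:11:22:33
"""

def parse_leases(text, now=None):
    """Return current IPv4 leases; skip expired, IPv6 and malformed lines."""
    now = time.time() if now is None else now
    leases = []
    for line in text.splitlines():
        fields = line.split()
        # Expected layout: expiry-epoch MAC IPv4 hostname client-id
        if len(fields) < 5 or not fields[0].isdigit():
            continue
        expiry, mac, ip, host = int(fields[0]), fields[1].lower(), fields[2], fields[3]
        if not MAC_RE.match(mac):
            continue
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        if expiry != 0 and expiry < now:  # 0 marks a lease that never expires
            continue
        leases.append({"expiry": expiry, "mac": mac, "ip": ip,
                       "hostname": None if host == "*" else host})
    return leases

def find_by_oui(leases, ouis=PI_OUIS):
    """IPs of leases whose MAC starts with one of the given prefixes."""
    prefixes = tuple(o.lower() for o in ouis)
    return [l["ip"] for l in leases if l["mac"].startswith(prefixes)]

if __name__ == "__main__":
    # Real use: open("/var/lib/misc/dnsmasq.leases").read() instead of SAMPLE
    current = parse_leases(SAMPLE, now=1479092000)
    print(find_by_oui(current))
```

Reading the lease file sends no traffic, so it also works when the Pi drops ICMP, and the expiry check keeps a stale entry from a previously attached board out of the result.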


Maybe this link can be useful: https://www.raspberrypi.org/documentation/remote-access/ip-address.md

The core part is:

Install nmap:

apt-get install nmap

Execute a ping scan:

nmap -sn <your-subnet>

For example:

nmap -sn 192.168.1.0/24

Then you will have an output similar to this one:

Starting Nmap 6.40 ( http://nmap.org ) at 2014-03-10 12:46 GMT
Nmap scan report for hpprinter (192.168.1.2)
Host is up (0.00044s latency).
Nmap scan report for Gordons-MBP (192.168.1.4)
Host is up (0.0010s latency).
Nmap scan report for ubuntu (192.168.1.5)
Host is up (0.0010s latency).
Nmap scan report for raspberrypi (192.168.1.8)
Host is up (0.0030s latency).
Nmap done: 256 IP addresses (4 hosts up) scanned in 2.41 seconds

Sometimes I also use a mobile app if WiFi is available: https://play.google.com/store/apps/details?id=ua.com.streamsoft.pingtools