There are a few useful graphical utilities for managing your network on macOS, but for real power, you’ll need to use the Terminal. While this may sound daunting if you’re not familiar with it, you don’t need to be a technical wizard to find out more about your network with the Terminal. Under the hood, macOS runs a variant of Unix, which means you have a vast array of networking tools available. One of the most powerful of these is nmap, which can tell you a lot about your network in combination with a few other commands.
nmap is the king of command-line port scanners on macOS, but you’ll need to install it first.
Install nmap with Homebrew
If you have the Homebrew package manager installed, run
brew install nmap
to download and install nmap and any necessary dependencies.
Scan with nmap
nmap is built to scan a provided hostname or network address and return a list of open ports. The name stands for “network mapper,” but it’s more of a port mapper.
The simplest way to run nmap is with an IP address or range of IP addresses specified as the target; replace with the appropriate IP address to scan on your local network. This specific command scans nmap’s educational testing server at scanme.org.
To scan for open ports on a range of IP addresses, use a slash.
To find the IP addresses of your router and various devices on your network, you can run
sudo nmap -A scanme.nmap.org
The -A flag will force nmap to scan more aggressively, returning significantly more information but transparently revealing your presence in the server logs. The -A flag must be run with sudo. If you can’t or don’t want to use the sudo command, take a look at our guide to running nmap without sudo or root.
sudo nmap -O scanme.nmap.org
This scans the defined IP address for the operating system (-O). Again, it must be run with sudo.
If you want to run nmap a little more stealthily, use the -sS flag:
sudo nmap -sS scanme.nmap.org
This forces “half-open” scanning: nmap sends a TCP SYN packet to check whether the port is open but does not respond with an ACK packet when it receives an affirmative response. As such, the remote server likely won’t log the scan, although a firewall or intrusion detection system in front of it can still record the SYN probes.
The -sS flag and other scanning mode switches must be run with sudo. For example, the -sP mode switch will scan for IP addresses but not ports, functioning something like arp below. See the nmap man page for more scanning modes.
To get more verbose results, add the -v3 flag. This will turn on more verbose logging levels, producing a more readable but longer standard output. Depending on what you’re looking for, these flags may help you find it.
Of course, you can always pipe the results of nmap into grep to search for specific results. If you wanted to check port 22 only, for example, you might run the command below:
nmap scanme.nmap.org | grep "22/tcp"
This will return no lines if the port is not available and return the port’s status line if available.
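The grep pattern above matches any line containing 22/tcp, so rows for ports such as 2222/tcp or 8022/tcp come back as well. The following added example (not part of the original article) compares the whole port/protocol field instead; the port_state and sample_scan helper names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match port lookup in nmap's normal output.

# Constructed sample of nmap's port table (not output from a real scan).
sample_scan() {
cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for host.example (192.0.2.10)
Host is up (0.012s latency).
Not shown: 996 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
80/tcp   open     http
2222/tcp open     EtherNetIP-1
8022/tcp filtered oa-system
9929/tcp open     nping-echo
EOF
}

# port_state PORT [PROTO]
# Reads nmap output on stdin and prints the STATE column of the row whose
# first field is exactly PORT/PROTO (PROTO defaults to tcp).
# Prints "not-listed" when the port table has no such row.
port_state() {
    awk -v want="$1/${2:-tcp}" '
        $1 == want { print $2; found = 1; exit }
        END { if (!found) print "not-listed" }
    '
}

# The substring match reports hits even though port 22 has no row at all.
printf 'grep "22/tcp" matched %s line(s)\n' "$(sample_scan | grep -c '22/tcp')"
# The exact field match does not confuse 22 with 2222 or 8022.
printf 'port 22 is:   %s\n' "$(sample_scan | port_state 22)"
printf 'port 2222 is: %s\n' "$(sample_scan | port_state 2222)"
```

On a live scan, nmap -p 22 scanme.nmap.org | port_state 22 limits the scan to that one port, so its row is listed even when the port is closed.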
Scan Your Local Network’s Active IP Addresses with arp
arp scans your local network for connected devices. Because arp is designed to create and modify Address Resolution Protocol (ARP) entries, it has limited tools available for scanning your network. But it ships on every Mac, and it’s a rapid way to get specific information.
To see a list of all responding devices currently connected to your network, open Terminal and run:
This returns a list of all devices connected to your network, reported by IP address and MAC address.
There isn’t much more to arp. You can run arp -a -i en0 to only get reports from your network interface en0, but that’s all.
Frequently Asked Questions
1. Is nmap a hacking tool?
While nmap can be used for nefarious purposes, there is nothing about nmap that makes it a hacking tool by itself. There is nothing wrong with using it, especially if you’re using it on your own network.
2. Do I need to install nmap with Homebrew?
No. While installing with the brew command is easy, you can also install nmap with the macOS installer from the nmap website.
3. Is nmap only available on macOS?
No. In addition to macOS, nmap is also available on Windows, Linux, and other Unix variants like FreeBSD, Solaris, and more.
4. Is this all nmap can do?
Covering everything nmap could do would take several articles. For more information, see the nmap manual.
A Suite of Network Tools
While nmap is certainly one of the most powerful network tools available, it isn’t the only software you’ll want in your toolset. For example, ipconfig is useful for getting information on network interfaces, while the arp command is useful for running a quick sweep of all the devices on your network.