How to Scan Your Local Network with Terminal on macOS

The Terminal in macOS is one handy tool that few people make use of. Here we will show you how you can use the Terminal in macOS to scan your local network for troubleshooting, maintenance and general curiosity. It works a little differently from Linux’s utilities, with different flags in some cases, so don’t assume Linux skills will be accurate on macOS.

Scan Your Local Network’s Open Ports with nmap

nmap is the king of command-line port scanners on macOS, but you’ll need to install it first.

Install nmap with Homebrew

If you have Homebrew installed, run

to download and install nmap and any necessary dependencies.

Scan with nmap

nmap is built to scan a provided hostname or network address and return a list of open ports. The name stands for “network mapper,” but it’s more of a port mapper.

The simplest way to run nmap is with an IP address or range of IP addresses specified as the target; replace with the appropriate IP address to scan on your local network. This specific command scans nmap’s educational testing server at scanme.org.

To scan for open ports on a range of IP addresses, use a slash.

To find the IP addresses of your router and various devices on your network, you can run arp or ipconfig.

Using the -A flag will force nmap to scan more aggressively, returning significantly more information but transparently revealing your presence in the server logs. The -A flag must be run with sudo.

This scans the defined IP address for the operating system (-O). Again, it must be run with sudo.

If you want to run nmap a little more stealthily, use the -sS flag:

This forces “half-open” scanning: nmap sends a TCP SYN packet to check whether the port is open but does not respond with an ACK packet when it receives an affirmative response. Because the handshake is never completed, the remote server likely won’t log the scan.

The -sS flag and other scanning mode switches must be run with sudo. For example, the -sP mode switch will scan for IP addresses but not ports, functioning something like arp below. See the nmap man page for more scanning modes.

To get more verbose results, add the -vv or -v3 flag. This turns on more verbose logging levels, producing a more readable but longer standard output. Depending on what you’re looking for, these flags might help you find it.

Of course, you can always pipe the results of nmap into grep to search for specific results. If you wanted to check port 22 only, for example, you might run the command below:

This will return no lines if the port is not available and return the port’s status line if available.
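The example below is added here and is not from the original article. It assumes the grep step is a plain substring match on 22, which also matches lines such as 2222/tcp and, on a range scan, drops the host each line belongs to. The function name port_state and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of nmap's normal output for a two-host scan (not real scan data).
sample_nmap_output() {
cat <<'EOF'
Nmap scan report for 192.168.1.1
Host is up (0.0030s latency).
PORT     STATE  SERVICE
22/tcp   closed ssh
80/tcp   open   http

Nmap scan report for nas.local (192.168.1.20)
Host is up (0.0051s latency).
PORT     STATE  SERVICE
22/tcp   open   ssh
2222/tcp open   EtherNetIP-1
EOF
}

# port_state PORT (hypothetical helper): read nmap output on stdin and print
# "host state" for PORT/tcp on every host in the report.
# Matching the whole first field avoids hits on 2222/tcp, and remembering the
# last "scan report" line keeps the host that a bare grep loses.
port_state() {
  awk -v want="$1/tcp" '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }
    $1 == want               { print host, $2 }
  '
}

sample_nmap_output | port_state 22
```

On a real scan, pipe nmap's output into port_state instead of the sample function.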

Scan Your Local Network’s Active IP Addresses with arp

arp scans your local network for connected devices. Because arp is designed to create and modify Address Resolution Protocol (ARP) entries, it has limited tools available for scanning your network. But it ships on every Mac, and it’s a rapid way to get specific information.

To see a list of all responding devices currently connected to your network, open Terminal and run:

This returns a list of all devices connected to your network, reported by IP address and MAC address.

There isn’t much more to arp. You can run arp -a -i en0 to only get reports from your network interface en0, but that’s all.
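The example below is added here and is not from the original article. It turns arp -a output into a device inventory and lists any MAC address that is not on a list of devices you recognize. The sample lines are constructed in the format macOS prints, and the function names and the allowlist are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the format macOS `arp -a` prints (not real addresses).
sample_arp_output() {
cat <<'EOF'
? (192.168.1.1) at a4:2b:8c:0:1f:e9 on en0 ifscope [ethernet]
? (192.168.1.23) at 3c:6:30:a:b:c on en0 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en0 ifscope permanent [ethernet]
EOF
}

# arp_inventory: read `arp -a` output on stdin, print "ip mac" per real device.
# macOS drops leading zeros in each MAC octet, so pad them back before comparing.
arp_inventory() {
  awk '
    $4 == "(incomplete)" || $4 == "ff:ff:ff:ff:ff:ff" { next }  # no reply / broadcast
    {
      ip = $2; gsub(/[()]/, "", ip)
      n = split(tolower($4), o, ":")
      if (n != 6) next
      mac = ""
      for (i = 1; i <= 6; i++) {
        if (length(o[i]) == 1) o[i] = "0" o[i]
        mac = (i == 1) ? o[i] : mac ":" o[i]
      }
      if (mac ~ /^01:00:5e/) next                                # IPv4 multicast
      print ip, mac
    }
  '
}

# unknown_devices "MAC MAC ...": print inventory rows whose MAC is not in the
# caller's list of known devices (the allowlist is an assumption of this example).
unknown_devices() {
  known=" $1 "
  arp_inventory | while read -r ip mac; do
    case "$known" in
      *" $mac "*) ;;
      *) echo "$ip $mac" ;;
    esac
  done
}

sample_arp_output | unknown_devices "a4:2b:8c:00:1f:e9"
```

On a Mac, replace sample_arp_output with arp -a and pass your own known MAC addresses, zero-padded and lowercase.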

Conclusion

The most powerful tool for scanning your local network on macOS is nmap. arp is also useful for running a ping sweep across the network. ipconfig can report results for a specific interface but is more useful for reporting interface information than scanning a network.

One comment

  1. When I was a brand new computer user back in 1998 (an Apple Mac – used entirely for personal home-computing) I was almost immediately targeted and tricked by co-workers at my factory job into inserting a floppy disk into my tower’s floppy drive. Nothing came up but a smiley face and nothing seemed to happen when I clicked on it (they said it was free Juno email software. 🙄). So I ejected it and went on my way. In 2003 it became apparent that these co-workers had access to everything I did on my Mac. I did a clean install and started over but nothing seemed to help. I did seem to lose them for one year when I subscribed to a satellite Internet service but it proved to be unreliable (and expensive!) so I went back to the phone line connection which had been dial-up but by then was DSL. They immediately were back on my trail (they just couldn’t help taunting me with their knowledge of my activities). I’m on my 3rd computer since then but am still being monitored. The thought occurred to me that they may have placed me on a network of some kind which gives them access to all (and I mean ALL) my stuff. If something like that is even possible, is there a way to identify this “external” network and remove my computer from it? Any help you might be able to lend would be more than appreciated. Thank you.
