Who ate all the Pis?

So youv’e just set up your Raspberry Pi, configured SSH and plugged everything in and it’s now happily sitting on your network. Great. But to connect to it you are going to need to know its IP address, and there isn’t really one definitive way of doing this unfortunately so we have to just do what works for us.

We are going to do all of this work in the terminal only going to be using the software tools NMap and Arp, both of which are easily installable from either your package manager, homebrew or you can download them directly. All of which is very easy to do.

Finding the Pis

My first thought was to just do a quick scan using nmap for any machine on my local network that had the standard SSH port 22 open and ready for connection, I did that using the following command:

nmap -T5 -n -p 22 --open --min-parallelism 200 192.168.0.0/24
  • -T5: ‘Insane’ timing profile, very agressive scan rate and low delays.
  • -n: Turn off reverse DNS lookup
  • -p22 –open: Only look at port 22, and find open ones
  • –min-paralellism 200: Scan in large (almost subnet-sized) chunks

Which is great and works and all that but it’s pretty useless because it returns every machine on the network that will allow you to connect to it via SSH which is probably almost all of them. The only time this is useful is if the only machine on your network that you can connect to via SSH is your new Raspberry Pi; but that’s pretty unlikely. This is a sample output of what you’ll get if you run the above command so you can see what I mean:

➜  ~ nmap -T5 -n -p 22 --open --min-parallelism 200 192.168.0.0/24
Warning: Your --min-parallelism option is pretty high!  This can hurt reliability.

Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-30 11:40 GMT
Nmap scan report for 192.168.0.10
Host is up (0.0021s latency).

PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for 192.168.0.16
Host is up (0.0019s latency).

PORT   STATE SERVICE
22/tcp open  ssh

Nmap scan report for 192.168.0.21
Host is up (0.0017s latency).

That’s just the top three entries in a very long list and as you can see there is absolutely no way to tell which of those machines is a Mac laptop, iPhone or the Raspberry Pi we are looking for.

Luckily, the people at the Raspberry Pi Foundation had the foresight to make it so that every Raspberry Pi on the planet has a MAC address that begins with the same six characters, which are: b8:27:eb. This means that we can use the arp networking tool to display the arp table for our network which will give us all of the machines that we’ve communicated with in a list including the MAC addresses, then we can just pick out the Raspberry Pi’s at our leisure.

So in your terminal, run this command:

arp -a

The command you just entered will give you a big long list that looks like this:

➜  ~ arp -a
? (192.168.0.10) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.10) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.23) at d0:73:d5:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.30) at d0:73:d5:xx:xx:xxa on en0 ifscope [ethernet]
? (192.168.0.32) at 28:f0:76:xx:xx:xx on en1 ifscope permanent [ethernet]
? (192.168.0.37) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.37) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.40) at 18:b4:30:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.45) at d0:73:d5:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.49) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.49) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.51) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.51) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.52) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.52) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.55) at d0:73:d5:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.58) at e4:f0:42:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.63) at a4:77:33:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.64) at 40:b4:cd:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.65) at 40:b4:cd:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.66) at 78:e1:3:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.67) at dc:a9:4:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.69) at b8:27:eb:xx:xx:xx on en1 ifscope [ethernet]
? (192.168.0.69) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.70) at d0:73:d5:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.74) at 18:b4:30:xx:xx:xx on en0 ifscope [ethernet]
? (192.168.0.81) at b8:27:eb:xx:xx:xx on en0 ifscope [ethernet]

NOTE: I’ve changed the last three octets of these MAC addresses to protect the innocent!

Ooooh, so close! As you can see it’s returned a list of every machine on the local network with their MAC addresses. Useful yes, and there are some Raspberry Pi’s in the list (Mac addresses beginning with b8:27:eb) but the list also includes every other machine on the network that your local machine has communicated with1. What we need is some way of finding all of the Raspberry Pi’s on our LAN, whether that’s just one or one hundred of them and then printing out a nice list of their IP addresses.

Grep to the Rescue!

Grep is a commandline utility that searches through pretty much any plain text you throw at it, and then helps you sort through it to find the information you’re looking for typically using regular expressions. It’s an incredibly simple tool, but it can be used in very powerful ways to search large amounts of text very quickly.

This command takes the arp -a command we used above to generate that huge list of every device in our network, it then passes that list onto the Grep commands so that it can be sorted and only display the information we are looking for. In this case it’s the IP address:

arp -a | grep b8:27:eb | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'

If you’re anything like me you will end up with a huge list of IP addresses, but if this is your first Raspberry Pi you should end up with one IP address on a line by itself like this:

192.168.1.155

The IP address that is returned will differ depending on what the DHCP server on your router uses, but it will almost certainly begin with one of the following, where X is the individual number of your Raspberry Pi:

192.168.0.X
192.168.1.X
10.0.0.X

Everybody Should Have an Alias

If you’re planning on buying more than one Raspberry Pi then I recommend you keep a note somewhere of each of your Pi’s IP addresses so that you can differentiate them later, but it’s also really useful to create an alias in the terminal to stop you having to type out that massive command each time you want to search for a Pi on your network.

First you need to open up either your bash configuration file or whichever configuration file your Terminal uses. If you haven’t changed it and have no idea that there are other possibilities then you are almost certainly using bash as that’s what comes as default on every Raspberry Pi.

To open the bash configuration file use the following command:

nano ~/.bashrc

If you are using the ZShell like me, the command would be:

nano ~/.zshrc

Whichever it is, add the following line somewhere near the bottom of the file:

alias find-pies="arp -a | grep b8:27:eb | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'"

Then exit the nano text editor by hitting Control X, pressing the letter Y to agree to the changes and then pressing the Enter key to accept the filename. You’ll then find yourself back at the command prompt but you won’t be able to use the alias until you’ve reloaded your current session, you can do this either by logging out and then logging back in to your Pi or by typing: source ~/.bashrc.

Now, every time you type find-pies you should get a nice list of IP addresses from every Raspberry Pi on your network. Using arp isn’t foolproof but it works pretty much all of the time, and if it doesn’t work the first time just try running it again and it will almost certainly find it.

If all else fails, login to your router and find the DHCP section looking for any machine that has the MAC address beginning with the letters b8:27:eb and you should be golden. Every router is different but yours will almost certainly have a DHCP page, but going through them all is outside the scope of this post. It should be easily Googleable for your particular router though.

But as always, if you get stuck just contact me through the usual channels. You can either hit me up on Twitter at @scapologybb, via email or the contact form below. Have fun!

  1. Yes, I’m fully aware just how many Raspberry Pi’s and there are in that list. What of it?!