Not Strictly a Node-RED issue but Used as Data, nmap Problem Collecting Network Info

Some time ago @TotallyInformation published a flow to get the mac address, IO address etc of a network using nmap to collect the data. It seems that sometime in the intervening years nmap decided NOT to collect the mac address. Since the flow relies on the mac as an index this has caused the whole thing to fail. The data collected was; mac, IP, vendor, latency & date /time of collection.

Does anyone have an alternative to enable this data to be collected unsupervised. At the moment the nmap data is saved to a file which triggers a url for an HTTP node. nmap runs via crontab.

Some time ago, I wrote node-red-systeminformation to bring the systeminformation.io package & functionality to Node-RED. The MAC is available als a property of Network, for each network interface.

Hi @ralphwetzel I have & used your node for info on the Rasp Pi that instance of Node-RED runs on. I have looked at the other options but I have not been able to find one that scans all units on the network. Would you please point me in the right direction.

Regards

It does, but only when ran using sudo, which creates a problem. Same applies to reverse dns lookup with nmap.

There are several npm packages available that can be used within function nodes. In linux, you could also use ip nei in an exec node to get the mac addresses of the ip’s your host has learned, but that may not paint the complete picture you are after.

Yes, I read that but I couldn't get it to work. I run nmap from a bash and crontab (not from an exec node) and it runs as sudo and I only run it on my local network.

Edit:
I found a command that seems to give me what I want but if anyone can offer improvements I would be most grateful.

nmap --oX /tmp/nmap.xml -sP 192.168.1.0/24

This is what I was running so I now have to work out what the missing bits do

nmap -sn --oX /tmp/nmap.xml --unprivileged -R --system-dns --webxml 192.168.1.0/24

If i run this:

sudo nmap -sn 10.0.0.0/24 -oX nmap.xml
<nmaprun scanner="nmap" args="nmap -sn -oX output.xml 10.0.0.0/24" start="1754023623" startstr="Fri Aug  1 06:47:03 2025" version="7.80" xmloutputversion="1.04">
<verbose level="0"/>
<debugging level="0"/>
<host><status state="up" reason="arp-response" reason_ttl="0"/>
<address addr="10.0.0.1" addrtype="ipv4"/>
<address addr="44:D9:E7:93:0B:E7" addrtype="mac" vendor="Ubiquiti Networks"/>
<hostnames>
</hostnames>
<times srtt="2447" rttvar="5000" to="100000"/>
</host>
...

Hi @Buckskin

Couple of years ago, I have been looking for a similar solution.
I did test various options, such as:

  • Looping a ping, and also various deviates, such as hping or xping.
  • Nmap, with various switches.
  • Graphic tools, like Angry IP Scanner.

But none of these did really satisfy me.

At the end, I ended up with the command line tool of fing. (https://www.fing.com/).
Unfortunately this command line tool is not available anymore, but if someone is really interested. I still have the tool in RPM and DEB format, and also the documentation.
In this case send me a PM

I run this tool in a “Exec” node, and with a “Function” and “JSON” node it gives me the
desired result.

See the flow:

The last “Function” node is optional, because I use this to send the number of connected devices (equal to array length) to my Google Smart Home.

The result is as follows:

In this case, 52 devices are connected to my LAN.
Each element in the array shows the following (example)

Is this, what you prefer?

The flow:

[{"id": "26ac80fdb97288cc","type": "exec","z": "f447ccce.b9f9b8","command": "sudo fing -n 192.168.10.0/24 -r 1 -o table,json,console","addpay": false,"append": "","useSpawn": "false","timer": "","winHide": false,"oldrc": false,"name": "Scan Subnet","x": 410,"y": 100,"wires": [["cb228b6a37690cac"],,]},{"id": "daf82fd204f9e2e7","type": "inject","z": "f447ccce.b9f9b8","name": "Start Network Scan","props": [{"p": "payload"}],"repeat": "600","crontab": "","once": true,"onceDelay": 0.1,"topic": "","payload": "","payloadType": "date","x": 180,"y": 100,"wires": [["26ac80fdb97288cc"]]},{"id": "cb228b6a37690cac","type": "function","z": "f447ccce.b9f9b8","name": "Extract JSON string","func": "msg.payload = msg.payload.substring (msg.payload.indexOf("{"), msg.payload.lastIndexOf("}") + 1);\nreturn msg;","outputs": 1,"timeout": 0,"noerr": 0,"initialize": "","finalize": "","libs": ,"x": 640,"y": 100,"wires": [["30973414ac0fe1ea"]]},{"id": "30973414ac0fe1ea","type": "json","z": "f447ccce.b9f9b8","name": "JSON Object","property": "payload","action": "","pretty": false,"x": 870,"y": 100,"wires": [["da5afb34e823842e","7d25dfbf6eac665c"]]},{"id": "da5afb34e823842e","type": "function","z": "f447ccce.b9f9b8","name": "Number Connected Devices","func": "msg.payload = {\n    "numConnectedDevices" : msg.payload.Hosts.length\n}\nreturn msg;","outputs": 1,"timeout": 0,"noerr": 0,"initialize": "","finalize": "","libs": ,"x": 1120,"y": 100,"wires": [["6ab9a0eb8880e5e8"]]},{"id": "6ab9a0eb8880e5e8","type": "link out","z": "f447ccce.b9f9b8","name": "To Google Home","mode": "link","links": ["e791a660cc5cbb04"],"x": 1315,"y": 100,"wires": },{"id": "7d25dfbf6eac665c","type": "debug","z": "f447ccce.b9f9b8","name": "debug 18","active": true,"tosidebar": true,"console": false,"tostatus": false,"complete": "false","statusVal": "","statusType": "auto","x": 1060,"y": 140,"wires": }]

Regards

Hey! How come everyone chooses the 1 day when I’m not here to reference me! :smiley:

I would point out that my script DOES run as sudo. That is why it is triggered by root’s CRON service and not by Node-RED. The script uses the nmap XML output to a tmp file and calls a node-red endpoint so that Node-RED triggers the import of the file.

#! /usr/bin/env bash
# Fast scan the local network for live devices and record
# to /tmp/nmap.xml which can be used in Node-RED
#
# To run manually:
#   sudo /home/home/nrmain/system/nmap_scan.sh
#
# To run via cron:
#   sudo crontab -e
#       01,16,31,46 * * * * /home/home/nrmain/system/nmap_scan.sh

# Run the scan
nmap -sn --oX /tmp/nmap.xml --privileged -R --system-dns --webxml 192.168.1.0/24
# Make sure ownership & ACLs on the output are secure
chown root:home /tmp/nmap.xml
chmod --silent 640 /tmp/nmap.xml
# Trigger the Node-RED update
#curl  --silent --output /dev/null 'http://localhost:1880/localnetscan' > /dev/null
#curl --insecure -I 'https://localhost:1880/localnetscan'
curl -I 'http://localhost:1880/localnetscan'

Yep, that's what I was using. If you check now I think you will find that your original flow no longer works (I expect a young whipper snapper like you has updated the flow by now - if so any chance of seeing it?) as it used the mac as an index ID.

On reinspection I note that you have --privileged rather than --unprivileged so yours does still work. I must have messed up at some time.

Apologies all round mea culpa :blush:

So it does. I have done some testing and it appears that the --unprivileged entry is the issue. Take that out and it works. Or as I just realised (see above) use --privileged instead