Today, I will be showing python code for a Network Scanner, that will find the IP address of the printer(s) on the local network. I could uses the exact same code to find the IP address of my Raspberry Pi, File Server, a custom Python server, or anything else.
But first, there are two bits of information needed; the subnet of my local network, and the port number that I am scanning for.
So lets get started.
What is my subnet?
I’m going to try to not get too technical on this subject. A detailed description about subnets is way beyond the scope of today’s topic. But I feel that leaving them out of the documentation is also wrong. So I’m going to keep this very simple, covering only what is needed for today.
If you are interested in a detailed discussion on the topic of subnets, I recommend that you do a web search for the words “common subnet”. This will return several very good articals about the topic.
The way that I am using the word subnet here, is meaning a group of 253 IP addresses.
Each device that connects to a router will be assigned one of these 253 IP addresses.
If I say that the subnet is “192.168.1.x”, I mean a group of 253 IP addresses from “192.168.1.2” up to “192.168.1.254”.
The subnet is sometimes expressed in the format “192.168.1.0/24”. Without going into a long explanation about this, format, it can be said that this is the exact same thing as “192.168.1.x”.
IP addresses ending with the numbers 0, 1, and 255 have special meaning and are reserved. They will not be assigned to any device connecting to a router. So a valid range of IP addresses for subnet “192.168.1.x” would be from “192.168.1.2” up to “192.168.1.254”.
Key Information - All routers that you are ever likely to encounter ( WiFi, Wired, Home, Business, CoffeeShop, others ) will be using one of these 3 subnets: “192.168.0.x”, “192.168.1.x”, or “192.168.2.x”.
So, if you are looking for the IP address of your printer, scanning all 3 of theses common subnets will find it, assuming that it’s on-line of course.
Interesting Info - I have heard it said that the word ‘on-line’ or ‘on-the-wire’ originally meant that a telegraph set was connected to the telegraph wire. I have never been able to verify this, but I have no reason to think that this is not the true origins of the word.
The Wild World of Ports.
Now it’s time to move on to the topic of ports.
The way that I am using the word here; a port is a number between 0 and 65535, that devices on a network uses to communicate between each other. Certain port numbers are reserved for certain types of activities.
Examples:
A laptop can communicate with a network printer by using port 515.
When your internet browser brings up a web-page ( access a web server ) is is using port 80.
When you send or receive an email, you are using ports 25, 110, 243, 465, 993, 995, and 2525 ( emails can be very complicated things ).
For port numbers bellow 1024, the Internet Assigned Numbers Authority (IANA) maintains
( or tries to maintain ) an official list of ports and what they are used for.
Example: Port number 515 should be used ONLY by network printers.
For port numbers 1024 to 49152, it becomes a bit more complicated. There are many “official” and “unofficial” ports in this range, such as application servers, proprietary telecommunication equipment, video game controllers, game chat channels, and many others.
For port numbers 49153 to 65535, its a wild, no rules, free-for-all. These are called the dynamic or private ports. Anyone can choose to use any of these ports for anything.
New ports, both official and unofficial, are being created all the time. Making a truly comprehensive list of ports near impossible. The best that can be done is a community maintained list of “Well Known Ports”.
VERY USEFUL: A very useful reference is a list of “Well Known Ports”, which is maintained by the community at large, on the Wikipedia website. This list is probably the most up-to-date on the web. If you are going to be doing any kind of work with ports, I highly recommend that you bookmark this page.
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
The NetworkScaner() function ( searching for the printer )
So, now that we know that the subnet is “192.168.0.x”, “192.168.1.x” or “192.168.2.x”, that means that the printer has to have one of the 759 possible IP addresses that this gives us.
It’s like trying to find a needle in a haystack.
The only way is to ask each of the IP addresses “Are you a printer?”.
Since I know from the section “The Wild World of Ports” ( above ) that network printers communicate using port number 515, I can attempt a connection to each of the 759 IP addresses, using port 515. And keep a list of which ones answer the connection.
This is exactly what the NetworkScaner() function does. It will scan a given subnet, for any device responding on the given port. When a responding device is found, it’s IP address is appended to the global NetScanList list.
The complete python code is shown at the bottom of this document.
#################################################
#
# Find the IP address of any network printers.
#
#################################################
print("Now scanning for Network Printers." )
print("This will take about 30 seconds.")
print("")
NetScanList = [] # Clear the list
NetworkScaner( "192.168.0.x", 515 )
NetworkScaner( "192.168.1.x", 515 )
NetworkScaner( "192.168.2.x", 515 )
print("IP addresses found:")
print( NetScanList )
A sample of the output.
This will take about 30 seconds.
IP addresses found:
['192.168.1.102']
>>>
Scanning for a VNC server.
Now let’s say that I have a Raspberry Pi, running in a headless configuration, with an VNC server running on it.
For those of you who have no ideal what I’m talking about:
A Raspberry Pi is an inexpensive computer, about the size of a credit card, that runs Linux.
A headless configuration means that the computer is set up to run without a monitor, keyboard, or mouse.
A VNC server means that I can control this computer from my laptop by using remote-control software, over a network connection.
In order to make the remote-control connection, I first need to know the IP address. But is has no monitor or keyboard. So how do I find the IP address?
After doing a little bit of research on the web, I found that the VNC server uses port 5800.
So all I need to do is do a Network Scan for port 5800, to get the IP address.
But when I did the Network Scan, I got 3 IP addresses. This is because I have 3 devices running the VNC server.
At this point, it’s simply a matter of connection to each one of the 3, to find the computer I am looking for.
NetScanList = [] # Clear the list NetworkScaner( "192.168.0.x", 5800 ) NetworkScaner( "192.168.1.x", 5800 ) NetworkScaner( "192.168.2.x", 5800 ) print( NetScanList )A sample of the output.
['192.168.1.32','192.168.1.156','192.168.1.163']
Another example.
A short time ago, I wrote an article about building a server using python, to share data and messages between multiple clients / computers.
http://gsw7.net/K700009.php
The server that I built communicates on port number 2980.
So, how can I get my clients to automatically connect to the server without knowing what the IP address is?
Simple. It does a Network Scan for anything answering on port 2980.
The IP address that answers is then kept as a variable on the client, so it doesn't have to scan again.
And that is exactly how my example clients work in the article.
NetScanList = [] # Clear the list NetworkScaner( "192.168.0.x", 2980 ) NetworkScaner( "192.168.1.x", 2980 ) NetworkScaner( "192.168.2.x", 2980 ) print( NetScanList )A sample of the output.
['192.168.1.159']
The Complete Python Script for NetworkScanner.py
"""
NetworkScanner.py
Written by Joe Roten
This script shows how to scan your
local network for a printer,
or anything else.
For documentation, see
http://gsw7.net/K700013.php
"""
import socket
import threading
import time
NetScanList = []
def NetworkScaner(subnet, intPort=27):
"""Scan the subnet for anything responding on intPort."""
for x in range(1,256):
ip = subnet.lower().replace("x", str(x).strip())
threading.Thread(target=_Check4Conn, args=(ip,intPort)).start()
time.sleep(10) # 10 seconds time delay.
return NetScanList
def _Check4Conn(ip, port):
"""Not intended to be called directly by the client script."""
global NetScanList
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(5)
if sock.connect_ex((str(ip), port)) == 0: NetScanList.append(ip)
except:
pass
try:
sock.close()
except:
pass
#################################################
#
# Find the IP address of any network printers.
#
#################################################
print("Now scanning for Network Printers." )
print("This will take about 30 seconds.")
print("")
NetScanList = [] # Clear the list
NetworkScaner( "192.168.0.x", 515 )
NetworkScaner( "192.168.1.x", 515 )
NetworkScaner( "192.168.2.x", 515 )
print("IP addresses found:")
print( NetScanList )
# End of Code
In concussion.
And that concludes what I have to say about Network Scanning in python. I hope that someone out there find’s this useful.
Everyone have a good day, and be kind to each other.
Joe Roten. www.gsw7.net/joe
Last updated: 2020-09-28
As always
The information on my website is FREE.But donations to help pay for Coffee and Beer are always welcomed.
Thanks.