Identifying active devices and services on your local network can be achieved with a single command in the terminal. This guide shows you how to do service discovery in linux simple using built-in tools and a few easy commands. You don’t need to be a network expert to find what’s connected to your network or what services are running.
Service discovery helps you see printers, file shares, media servers, and other devices. It’s useful for troubleshooting, security checks, or just knowing your network better. Let’s start with the basics and work up to more advanced methods.
How To Do Service Discovery In Linux Simple
Before diving into commands, understand what service discovery means. It’s the process of finding network services and devices automatically. Linux has several tools for this, and most are already installed or easy to add.
The simplest approach uses multicast DNS (mDNS) and DNS Service Discovery (DNS-SD). These protocols let devices announce their services without a central server. Your Linux machine can listen for these announcements and show you what’s available.
Using Avahi For Zero-Configuration Discovery
Avahi is the most common tool for service discovery on Linux. It implements mDNS/DNS-SD and works out of the box on most distributions. First, check if Avahi is installed.
Open a terminal and type:
avahi-browse -a
This command lists all services on your local network. You’ll see things like SSH servers, HTTP services, and printers. The output shows service type, name, address, and port.
If Avahi isn’t installed, you can add it with:
sudo apt install avahi-utils (Debian/Ubuntu)
sudo yum install avahi-tools (RHEL/CentOS)
sudo dnf install avahi-tools (Fedora)
Filtering Services By Type
You don’t have to see everything at once. Use the -t flag to filter by service type. For example, to see only SSH services:
avahi-browse -t _ssh._tcp
Common service types include:
_http._tcp– Web servers_smb._tcp– Samba file shares_ipp._tcp– Printers_airplay._tcp– Apple AirPlay devices_spotify-connect._tcp– Spotify speakers
You can combine multiple filters or use wildcards. The -a flag shows all, but -t gives you focused results.
Using Nmap For Network Scanning
Nmap is a powerful network scanner that can also do service discovery. It’s more advanced than Avahi but gives you deeper control. Install it first if you don’t have it.
sudo apt install nmap
The basic service discovery command is:
sudo nmap -sV 192.168.1.0/24
Replace the IP range with your network. The -sV flag enables version detection, which identifies services and their versions. This scans all 254 possible hosts on a typical subnet.
For faster results, use:
sudo nmap -sn 192.168.1.0/24
This ping scan only finds live hosts without probing services. Then you can scan individual hosts for services.
Scanning Specific Ports
If you know what services you’re looking for, target specific ports. For example, to find web servers:
sudo nmap -p 80,443 192.168.1.0/24
You can list multiple ports separated by commas. Nmap will report which hosts have those ports open and what services are likely running.
Nmap’s service detection isn’t perfect, but it’s very reliable for common services. It can identify over 1,000 service signatures.
Using Systemd-Resolved For Local Service Discovery
Modern Linux systems use systemd-resolved for DNS. It also supports mDNS, which means you can resolve .local hostnames without extra tools. This is a simpler approach for basic discovery.
First, ensure systemd-resolved is enabled:
sudo systemctl enable --now systemd-resolved
Then edit /etc/systemd/resolved.conf and set:
MulticastDNS=yes
Restart the service:
sudo systemctl restart systemd-resolved
Now you can ping any .local hostname to see if it responds. For example:
ping myprinter.local
This only works if the device announces itself via mDNS. Most modern devices do this by default.
Listing All .local Hosts
To see all .local hosts on your network, use:
resolvectl mdns
This shows the mDNS status and any discovered hosts. It’s not as detailed as Avahi but works without additional software.
Using Netcat For Manual Probing
Netcat (nc) is a simple tool for checking if a port is open. It’s useful when you suspect a service but aren’t sure. Use it like this:
nc -zv 192.168.1.10 22
The -z flag scans without sending data, and -v gives verbose output. You’ll see “Connection succeeded” if the port is open.
For a range of ports:
nc -zv 192.168.1.10 20-80
This checks ports 20 through 80. It’s slow for large ranges but works for quick checks.
Netcat doesn’t identify services by name, but you can guess based on common port numbers. Port 22 is SSH, port 80 is HTTP, port 443 is HTTPS, and so on.
Using SS For Local Service Discovery
Sometimes you want to discover services running on your own machine. The ss command shows socket statistics, including listening services.
ss -tuln
This shows all TCP and UDP listening ports with numeric addresses. The output includes port numbers and the services bound to them.
For more detail, use:
ss -tulnp
The -p flag shows the process name. You’ll need root privileges for this on some systems.
Understanding SS Output
The output has columns for:
- State – Listening or established
- Recv-Q – Receive queue size
- Send-Q – Send queue size
- Local Address – IP and port on your machine
- Peer Address – Remote IP and port (blank for listening)
- Process – The program using the port
This helps you identify what services are running and on which ports. It’s the fastest way to check your own system.
Using Lsof For Process-Level Discovery
The lsof command lists open files, including network connections. It’s more detailed than ss but requires root for full information.
sudo lsof -i
This shows all network connections and listening services. The output includes the process ID, command name, and protocol.
To filter by port:
sudo lsof -i :22
This shows only connections on port 22. You can replace 22 with any port number.
Lsof is especially useful when you see a service running but don’t know what program started it.
Using Wireshark For Deep Packet Inspection
For advanced users, Wireshark captures network traffic and shows service announcements. It’s overkill for simple discovery but useful for troubleshooting.
Install Wireshark:
sudo apt install wireshark
Start capturing on your network interface:
sudo wireshark
Apply a display filter for mDNS:
mdns
You’ll see all mDNS packets, including service announcements. This is the most detailed method but requires understanding of network protocols.
Using Python For Custom Discovery Scripts
If you need to automate service discovery, Python has libraries for this. The zeroconf library implements mDNS/DNS-SD.
Install it:
pip install zeroconf
Here’s a simple script to discover services:
from zeroconf import Zeroconf, ServiceBrowser
class MyListener:
def remove_service(self, zeroconf, type, name):
print(f"Service {name} removed")
def add_service(self, zeroconf, type, name):
info = zeroconf.get_service_info(type, name)
print(f"Service {name} added, service info: {info}")
zeroconf = Zeroconf()
browser = ServiceBrowser(zeroconf, "_http._tcp.local.", MyListener())
try:
input("Press enter to exit...\n\n")
finally:
zeroconf.close()
This script listens for HTTP services and prints their details. You can modify the service type to discover anything.
Using Dnsmasq For Local DNS Discovery
Dnsmasq can act as a local DNS server and cache mDNS records. It’s useful if you want a centralized discovery point.
Install Dnsmasq:
sudo apt install dnsmasq
Configure it to enable mDNS in /etc/dnsmasq.conf:
enable-mdns
Restart the service:
sudo systemctl restart dnsmasq
Now you can query .local hostnames using nslookup or dig:
nslookup mydevice.local
This works if Dnsmasq is your DNS server. It’s more reliable than systemd-resolved for some setups.
Using Netdiscover For ARP-Based Discovery
Netdiscover uses ARP requests to find active devices. It doesn’t identify services, but it shows IP and MAC addresses. This is useful as a first step.
Install it:
sudo apt install netdiscover
Run it:
sudo netdiscover -r 192.168.1.0/24
The output shows all responding devices with their MAC addresses and vendors. You can then use other tools to probe these devices for services.
Using Fping For Quick Host Discovery
Fping is faster than traditional ping for scanning multiple hosts. It sends ICMP echo requests to a range of IPs and reports which ones respond.
Install it:
sudo apt install fping
Scan your subnet:
fping -a -g 192.168.1.0/24 2>/dev/null
The -a flag shows only alive hosts, and -g generates the IP range. This gives you a list of active devices in seconds.
Using Arp-Scan For MAC Address Discovery
Arp-scan sends ARP requests and shows MAC addresses with vendor information. It’s similar to netdiscover but often faster.
Install it:
sudo apt install arp-scan
Run it:
sudo arp-scan --localnet
The output includes IP, MAC, and vendor. This helps identify device types before probing for services.
Using Mdns-scan For MDNS Discovery
Mdns-scan is a dedicated tool for mDNS service discovery. It’s simpler than Avahi for quick scans.
Install it:
sudo apt install mdns-scan
Run it:
mdns-scan
This lists all .local hosts and their services. The output is clean and easy to read.
Using Service Discovery In Scripts
You can combine these tools in shell scripts for automated discovery. For example, a script that finds all HTTP servers:
#!/bin/bash
echo "Scanning for HTTP servers..."
sudo nmap -p 80,443 --open 192.168.1.0/24 | grep "Nmap scan report" | awk '{print $5}'
Save this as find_http.sh, make it executable with chmod +x find_http.sh, and run it.
You can extend this to check for other services by changing the ports.
Troubleshooting Common Issues
Service discovery sometimes fails. Here are common problems and fixes:
- Firewall blocking mDNS – Ensure UDP port 5353 is open. Use
sudo ufw allow 5353/udpif using UFW. - Avahi not running – Check with
systemctl status avahi-daemon. Start it withsudo systemctl start avahi-daemon. - Network isolation – Some networks isolate devices. Try scanning from the same subnet.
- Incorrect IP range – Verify your subnet with
ip addr showorifconfig. - Permissions – Many tools need root. Use
sudowhen commands fail.
Security Considerations
Service discovery can reveal sensitive information. Only scan networks you own or have permission to test. Unauthorized scanning may be illegal.
On your own network, disable unnecessary services to reduce attack surface. Use firewalls to limit exposure. Regularly scan to check for unauthorized devices.
Some services announce themselves publicly. Be aware of what your devices broadcast. You can disable mDNS on sensitive systems.
Comparing Tools For Different Scenarios
Choose the right tool based on your needs:
- Quick check – Use Avahi or mdns-scan
- Detailed scan – Use Nmap with version detection
- Local services – Use ss or lsof
- Automation – Use Python with zeroconf
- Deep analysis – Use Wireshark
- Host discovery – Use fping or arp-scan
Each tool has strengths. Start with Avahi for simplicity, then move to Nmap for depth.
Real-World Examples
Here are practical scenarios:
Finding a printer – Use avahi-browse -t _ipp._tcp to find IPP printers. The output shows the printer name and address.
Checking for rogue SSH servers – Use sudo nmap -p 22 --open 192.168.1.0/24 to list all SSH servers. Compare with your known devices.
Discovering media servers – Use avahi-browse -t _http._tcp and look for Plex or DLNA services.
Verifying a service is running – Use <