How to find Raspberry Pi IP address (DHCP)

tags: raspberry pi ip address bash nmap

I got my first Raspberry Pi.

I do not have a display and a keyboard that make OS installation process simple. After some search, I found solution which uses preconfigured SD card using a laptop. Used NOOBS v1.5.0 with changed recovery.cmdline file.


runinstaller quiet ramdisk_size=32768 root=/dev/ram0 init=/init vt.cur_default=1 elevator=deadline


runinstaller quiet ramdisk_size=32768 root=/dev/ram0 init=/init vt.cur_default=1 elevator=deadline silentinstall

I put card to Raspberry and powered it on. It took about 10-15 minutes to complete installation, but I still could not connect to it, because I did not know its IP address.

First of all you need to know range of your router’s DHCP addresses. In common case they will be 192.168.1.[0-255] or 10.0.0.[0-255]. Using ifconfig give me laptop IP address: on wlan0 interface. It means my router uses 10.0.0.[0-255] range (

My first solution was simple ping all addresses in this subnetwork (one-liner in bash):

$ for i in {1..254}; do ping -w 1 10.0.0."${i}">/dev/null; if [[ "${?}" == 0 ]] ; then echo "10.0.0.${i}"; fi; done; echo "end";

It works, but you need to try ssh connect to all results to identify Raspberry Pi (by the way, default user/password will be: pi / raspberry). I run it during installation and did not care about performance.

Result: <--- PI! <--- me

When new address appeared here I used it. It was Raspberry, but it was very slow…

The right solution is using nmap and 22 port only:

$ nmap -sV -p 22

Starting Nmap 6.40 ( ) at 2015-12-13 16:11 PST


Nmap scan report for
Host is up (0.063s latency).
22/tcp open  ssh     (protocol 2.0)
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at :
SF:L,22,"SSH-2\.0-OpenSSH_6\.7p1\x20Raspbian-5\r\n"); <--- PI!


Service detection performed. Please report any incorrect results at .
Nmap done: 256 IP addresses (4 hosts up) scanned in 9.58 seconds

Result presents only available IP addresses without OS type, but it takes only 9.58 seconds!

$ ssh -Ct [email protected]
[email protected]'s password:

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat Dec  5 11:17:11 2015
[email protected]:~ $

Now official blog explains, how to do this:

Note: I use Ubuntu.