IP Scan

IP Scan

The IP Scan tool discovers devices on your network, collecting IP addresses, MAC addresses, DNS names, SNMP information, and NET-BIOS names.

Overview

IP Scan allows scanning networks in two ways:

1. Active scanning - Scan a specific IP address range
2. Passive listening - Listen to an interface and collect information from passing traffic

Collected Information

Field	Description
address	IP address of network device
mac-address	MAC address of network device
time	Response time of network device
DNS	DNS name of the device
SNMP	SNMP system description
NET-BIOS	Windows network name

Caution

Do not set both address-range and interface simultaneously as results may be inconclusive.

:::warning CHR Free License Limitation /tool ip-scan is not functional on CHR free license. The command returns exit code -1 with no output. To use IP Scan, upgrade to a paid CHR license tier (P1, P10, or P-Unlimited). See CHR Licensing for details. :::

Active Scanning

Scan a specific IP address range to discover all devices:

/tool ip-scan address-range=10.0.0.1-10.0.0.254

Output:

Columns: ADDRESS, MAC-ADDRESS, TIME, SNMP
  ADDRESS         MAC-ADDRESS        TIME  SNMP
  10.0.0.1        E4:8D:8C:1C:D3:18  2ms  CCR1036-8G-2S+
  10.0.0.2        6C:3B:6B:48:0E:8B  1ms  750Gr3
  10.0.0.3                             2ms
  10.0.0.10       B8:69:F4:B3:1B:D2  0ms  CRS328-24P-4S+

Scan Options

Parameter	Description
address-range	IP range to scan (e.g., 10.0.0.1-10.0.0.254 or 10.0.0.0/24)
interface	Interface to listen on for passive scanning
timeout	Time to wait for responses

CIDR Notation

You can also use CIDR notation to specify the range:

/tool ip-scan address-range=192.168.1.0/24

This scans all 256 addresses in the 192.168.1.0/24 subnet.

Passive Listening

Instead of actively querying addresses, you can passively listen on an interface to collect information from traffic passing through:

/tool ip-scan interface=bridge1

This method:

• Does not generate additional network traffic
• Collects information from ARP, DHCP, and other broadcast traffic
• Builds a device list over time as traffic is observed

Note

Passive listening requires traffic to be flowing on the specified interface to discover devices.

Use Cases

Network Discovery

Use IP Scan to discover all devices on a network segment:

/tool ip-scan address-range=10.155.126.1-10.155.126.255

Device Identification

Identify connected devices by their MAC vendor OUI:

MAC-ADDRESS        VENDOR
E4:8D:8C:1C:D3:18  MikroTik
6C:3B:6B:48:0E:8B  MikroTik
B8:69:F4:B3:1B:D2  MikroTik

SNMP Inventory

IP Scan queries SNMP on discovered devices to identify:

• RouterBOARD models
• Switch models
• Other SNMP-enabled equipment

Troubleshooting

Not Working on CHR Free License

/tool ip-scan returns exit code -1 with no output on CHR free license. This is a known limitation — despite the command being present in the menu, it does not execute on the free tier.

Workarounds:

• Upgrade to a paid CHR license (P1 or higher)
• Use /ip arp print to see passively discovered neighbors
• Use /ping for targeted host reachability checks
• Run an external network scanner (e.g., nmap) from a management host

No Devices Found

1. Verify the IP range is correct and accessible
2. Check that devices are online and responding to ICMP
3. For passive mode, ensure traffic is flowing on the interface
4. Verify proper network connectivity

Partial Results

Some devices may not respond to all queries:

• Firewalled devices may block ICMP
• Devices without SNMP may show blank SNMP column
• Some devices may not respond to ARP requests

Performance

Large address ranges take longer to scan. Consider:

• Breaking large scans into smaller subnets
• Using passive listening for non-urgent discovery
• Running scans during maintenance windows on busy networks

Related Commands

• /tool mac-server print - Show MAC server configuration
• /ping - ICMP connectivity testing
• /tool traceroute - Path tracing
• /tool sniffer - Packet capture

Related Resources

• Official MikroTik IP Scan Documentation
• Diagnostics Overview