Hosts · 4 min read

Find Linux hosts on your LAN

Two discovery passes run concurrently: a subnet sweep against port 22, and a Bonjour _ssh._tcp mDNS lookup. Results are unioned and deduplicated. Surfaces hosts you forgot were on the network — old Pis, that NAS box you set up two years ago, VMs you spun up and never shut down.

Run the discovery

+ menu in the sidebar → Discover on LAN… Noxen pre-fills the subnet from your Mac's primary network interface (typically 192.168.1.0/24 or 10.0.0.0/24) — accept it for "scan my home network", or override to scan a different subnet you have reachable (e.g. a VLAN, VPN tunnel, or a bridged Wi-Fi network). Click Start discovery.

What runs in the background

Two services kick off in parallel:

Subnet sweep (LANDiscoveryService)

Iterates every IP in the chosen /24 (256 addresses, minus the network and broadcast addresses) and attempts a TCP connect to port 22 with a 1-second timeout. Connections that succeed within the timeout register as candidates; RST/ICMP unreachable responses are skipped silently. Total time: 5–15 seconds depending on how densely populated the subnet is.

Bonjour mDNS (BonjourDiscoveryService)

Subscribes to _ssh._tcp.local. via Apple's NWBrowser API and listens for ~5 seconds. Linux hosts with avahi-daemon running, macOS hosts with Remote Login enabled, NAS/router OSes that advertise SSH (TrueNAS, OPNsense) all show up. Faster than the subnet sweep but only finds Bonjour-advertising hosts.

Review and enrol

Results unify into a table with columns: IP, hostname (when Bonjour gave one or reverse-DNS resolved), port (always 22 in v1.0), discovery source (sweep / Bonjour / both). Tick the rows to enrol; for each, the form drops you into the same identity picker as manual add — pick the SSH key you want Noxen to use.

Network considerations

• VPN / bridged interfaces — if your Mac is on multiple subnets (Wi-Fi + Ethernet + VPN), the discovery defaults to your primary interface. Override the subnet field to target a different network. The sweep and mDNS both honour macOS's interface routing rules.
• Firewalled subnets — if your router blocks intra-LAN traffic on certain VLANs (guest network isolation, IoT VLAN segregation), you'll only discover hosts in subnets the Mac can reach.
• Per-host firewalls — hosts running ufw/firewalld/iptables that drop external port 22 traffic won't appear in the sweep. They might still appear via Bonjour if avahi is publishing.
• Performance — the sweep does up to 256 concurrent connect attempts. On battery-constrained or weak-Wi-Fi setups this can spike CPU/network briefly. Cancel anytime with the Cancel button.

Privacy & etiquette

Discovery only sends to your own LAN — Noxen never scans external networks, doesn't leave the /24 you specify, and doesn't log discovery traffic. That said, scanning a network you don't own (a hotel Wi-Fi, a coworking space, your in-laws' house) is bad form even when it's legal. Stick to networks you administer; for an authoritative homelab inventory across multiple sites, use the SSH config import path instead — it doesn't touch the network at all until you scan.

False positives

The subnet sweep flags anything answering on port 22, which includes hosts that aren't Linux fleet members: consumer routers, printers with telnet-on-22 misconfigurations, IoT devices, the occasional honeypot. Noxen will try to scan whatever you enrol; non-SSH responses fail fast at the handshake stage and surface as an SSH authentication failed finding. If you enrol something that turns out to be a printer, just delete the host from the sidebar.