--- title: "Network" description: "Scan and discover hosts on your plant network, view interface details, and run diagnostic tools" source_url: https://ai-ops.com/docs/system/network --- # Network Navigate to **System > Network** to scan your local network for devices, view interface details, and run diagnostic commands from the Koios server. The page is organized into three tabs: **Interfaces**, **Scanner**, and **Diagnostics**. --- ## Interfaces The Interfaces tab displays a card for each network interface detected on the server. Each card shows: - **Status** — Up (teal icon) or Down (gray icon) with a status badge - **Name** — the interface identifier (e.g. `eth0`, `lo`, `docker0`) - **Link details** — speed (Mbps), MTU, and duplex mode when available - **IPv4 Address** — copyable - **Subnet Mask** — copyable - **Gateway** — copyable, if detected - **IPv6 Address** — copyable, if assigned - **MAC Address** — copyable Click any address or value to copy it to the clipboard. --- ## Scanner The Scanner tab lets you discover hosts on your plant network using ARP scanning, then view and manage the results in a table. ### Running a Scan The **Network Scanner** card at the top contains three fields: - **Interface** — select the network interface to scan from. Only active interfaces with an IPv4 address are shown. The first active interface is selected by default. - **IP Range** — CIDR notation for the subnet to scan (e.g. `192.168.1.0/24`). Auto-populated based on the selected interface. A description below the field shows the exact host range and count that will be scanned. - **Scan** — starts the ARP scan. A progress bar appears showing the current step (scanning, resolving hostnames, saving results). ### How ARP Scanning Works The network scanner sends raw ARP packets to discover hosts on your subnet. This uses a container capability called `NET_RAW`, which is included in Docker's default capability set — no extra configuration is needed for standard Docker deployments. The capability is scoped to a single dedicated process inside the container — all other Koios services (the web server, data collector, predict engine, etc.) are unaffected. The scanner can only broadcast ARP "who has this IP?" requests and read the replies on the selected interface. It cannot access traffic on other networks, read application data, or bypass firewall rules. ### Disabling ARP Scanning If your security policy requires removing raw network access from containers, you can explicitly drop the `NET_RAW` capability. This will disable the scanner — a yellow banner will appear on the Scanner tab explaining that scanning is unavailable. To disable scanning, add the `--cap-drop=NET_RAW` flag to your container start command: ```bash docker run --cap-drop=NET_RAW ... aiopinc/koios:latest ``` If you are running Koios as a systemd service, add the flag to the `ExecStart` line in your service file: ```ini ExecStart=/usr/bin/docker run --rm --name=%n --network host --cap-drop=NET_RAW ... ``` Then restart the service: ```bash sudo systemctl daemon-reload sudo systemctl restart docker.koios.service ``` > [!NOTE] Kubernetes deployments > Kubernetes Pod Security Standards may drop all capabilities by default. If scanning is unavailable in a Kubernetes deployment, add `NET_RAW` to the container's `securityContext.capabilities.add` list. ### Discovered Hosts Table Below the scanner card, a table displays all hosts discovered on the selected interface. Each row shows: | Column | Description | |--------|-------------| | **IP Address** | The host's IPv4 address (copyable) | | **MAC Address** | Hardware address (copyable) | | **Vendor** | Manufacturer identified from the MAC address OUI database | | **Hostname** | Reverse DNS hostname, if available | | **Alias** | User-defined friendly name (editable) | | **Notes** | Free-text notes (editable) | | **Last Seen** | When the host last responded to a scan | **Unresponsive hosts** — hosts that were previously discovered but did not respond during the most recent scan are dimmed in the table. Their "Last Seen" column shows the timestamp of the last successful response. ### Table Actions Open the **Actions** dropdown above the table to access: - **Edit Mode** — toggle inline editing for the Alias and Notes columns. - **Delete unresponsive hosts** — remove all hosts on the current interface that did not respond during the last scan. Useful for cleaning up stale entries without selecting them individually. A confirmation dialog appears before deletion. - **Bulk delete** — select rows using the checkboxes, then delete the selected hosts. Deleted hosts will reappear on the next scan if they are still active. Right-click any row to open a context menu with edit and delete options for that individual host. > [!TIP] Keeping the table clean > After running a scan, hosts that have gone offline are automatically dimmed. Use **Delete unresponsive hosts** in the Actions menu to remove them in one step rather than selecting and deleting individually. --- ## Diagnostics The Diagnostics tab provides four network diagnostic tools. Select a tool, enter a target, and click **Run**. Results stream in real time to a terminal-style output area. ### Ping Sends ICMP echo requests to a target host. Enter a hostname or IP address and the number of packets to send (1–100, default 4). Useful for checking basic connectivity and round-trip latency. ### Traceroute Traces the network path to a target host, showing each hop along the route. Enter a hostname or IP address. Useful for identifying where packets are being dropped or delayed. ### DNS Lookup Queries DNS records for a domain name. Select the record type from the dropdown: | Record Type | Description | |-------------|-------------| | **A** | IPv4 address | | **AAAA** | IPv6 address | | **MX** | Mail exchange server | | **NS** | Nameserver | | **TXT** | Text record | | **CNAME** | Canonical name (alias) | | **SOA** | Start of authority | | **PTR** | Pointer (reverse lookup) | | **SRV** | Service locator | ### TCP Port Check Tests whether a specific TCP port is reachable on a target host. Enter the hostname or IP, port number (1–65535, default 80), and timeout in seconds (1–30, default 5). Useful for verifying that a device's communication port is open before configuring a connection. > [!TIP] Test device connectivity > Use the TCP port check to verify that a device is reachable before creating a device connection. For example, check port 4840 for OPC-UA or port 502 for Modbus TCP. ### Results Terminal Diagnostic output streams to a terminal panel below the tool form. The terminal supports: - **Auto-scroll** — follows new output as it arrives. Scroll up to pause; scroll back to the bottom to resume. - **Pause/Resume** — buffer output while paused; flush on resume. - **Clear** — remove all output from the terminal. --- ## What's Next - [System Overview](https://ai-ops.com/docs/system/information.md) — IP address, hostname, and hardware details - [System Health](https://ai-ops.com/docs/system/performance.md) — network throughput monitoring and alarms