nut-scanner - scan communication buses for NUT devices


nut-scanner -h

nut-scanner [OPTIONS]


nut-scanner scans available communication buses and displays any NUT-compatible devices it has found.

nut-scanner can also display the detected devices in various formats, including ups.conf, and ensures that the generated devices name are unique across buses.


nut-scanner is only built if libltdl (part of libtool development suite) is available. Available options (USB, SNMP, IPMI, …) will vary according to the available compile time and runtime dependencies. For example, if Net-SNMP is installed, thus providing libsnmp (.so or .dll) and headers, both during compilation and runtime, then SNMP discovery will be available.



Display the help text.


-Q | --disp_nut_conf_with_sanity_check

Display result in the ups.conf format with sanity-check warnings (if any) as comments (default).

-N | --disp_nut_conf

Display result in the ups.conf format.

-P | --disp_parsable

Display result in a parsable format.


-C | --complete_scan

Scan all available communication buses (default behavior)

-U | --usb_scan

List all NUT-compatible USB devices currently plugged in.

This option can be specified several times, for more hardware link-specific details; these can be counter-productive in case of USB enumeration changes over time:

| -U | do not report any bus/device/busport details | | -UU | report bus and busport, if available | | -UUU | report bus/device/busport details | | -UUUU | report bus/device/busport details, and bcdDevice (limited use and benefit) |

For reliability, it is preferable to match just by vendor and product identification, and a serial number if available and unique.
-S | --snmp_scan

Scan SNMP devices. Requires at least a start IP, and optionally, an end IP. See specific SNMP OPTIONS for community and security settings.

-M | --xml_scan

Scan XML/HTTP devices. Can broadcast a network message on the current network interface(s) to retrieve XML/HTTP capable devices. No IP required in this mode. If IP address ranges are specified, they would be scanned instead of a broadcast.

-O | --oldnut_scan

Scan NUT devices (i.e. upsd daemon) on IP ranging from start IP to end IP.

-n | --nut_simulation_scan

Scan NUT simulated devices (.dev files in $NUT_CONFPATH).

-A | --avahi_scan

Scan NUT servers using Avahi request on the current network interface(s). No IP address options are required or used.

-I | --ipmi_scan

Scan NUT compatible power supplies available via IPMI on the current host, or over the network if IP address ranges are specified.

-E | --eaton_serial serial ports

Scan Eaton devices (XCP and SHUT) available via serial bus on the current host. This option must be requested explicitly, even for a complete scan. serial ports can be expressed in various forms:

  • auto to scan all serial ports.

  • a single character indicating a port number (0 (zero) for /dev/ttyS0 and /dev/ttyUSB0 on Linux, 1 for COM1 on Windows, a for /dev/ttya on Solaris…)

  • a range of N characters, hyphen separated, describing the range of ports using X-Y, where X and Y are characters referring to the port number.

  • a single port name.

  • a list of ports name, coma separated, like /dev/ttyS1,/dev/ttyS4.


The networked buses (such as SNMP, NetXML, IPMI and "Old NUT") allow to specify several IP (IPv4 or IPv6) address ranges, down to individual single IP addresses. Normally a new range is specified by a set of one -s and one -e options following each other (in any order). Lone or consecutive -s or -e options present on the command line would translate to single-IP queries. Also a -m option squashed between two -s and -e options would be a new range, turning those two into single-IP queries. This feature does not by itself recombine "neighboring" addresses into one range, nor even check for duplicate or overlapping specifications.

+ Also note that some buses require IP address(es) to scan, and others have a different behavior when exactly no addresses are specified (it is not currently possible to mix the two behaviors in one invocation of the nut-scanner tool).

+ A single-address range may be a host name which would be resolved into one IP address by the system resolver. A CIDR using a host name and netmask length would be resolved into an IP address and subjected to the mask application, to query hosts "near" the named one.

+ Finally note that currently even if multi-threaded support is available, each range specification is a separate fan-out of queries constrained by the timeout. Requests to scan many single IP addresses will take a while to complete, much longer than if they were a single range. This will be hopefully fixed in later releases.

-t | --timeout timeout

Set the network timeout in seconds. Default timeout is 5 seconds.

-s | --start_ip start IP

Set the first IP (IPv4 or IPv6) when a range of IP is required (SNMP, old_nut) or optional (XML/HTTP).

-e | --end_ip end IP

Set the last IP (IPv4 or IPv6) when a range of IP is required (SNMP, old_nut) or optional (XML/HTTP). If this parameter is omitted, only the start IP is scanned. If end IP is less than start IP, both parameters are internally permuted.

-m | --mask_cidr IP address/mask

Set a range of IP addresses by using CIDR notation.

A special form -m auto allows nut-scanner to detect local IP address(es) and scan corresponding subnet(s) on supported platforms, and -m auto4 or -m auto6 limits the selected addresses to IPv4 and IPv6 respectively. Only the first "auto*" request would be honoured, others ignored with a warning.

An /ADDRLEN suffix can be added to the option, to filter out discovered subnets with too many bits available for the host address part (avoiding millions of scans in the extreme cases). For example, if your IPv4 LAN’s network range is, its address part is (32-24)=8. Note that while this is applied to IPv6 networks also, their typical /64 subnets are not likely to have a NUT/SNMP/NetXML/… server that close nearby (in addressing terms), for a tight filter to find them. Default is 8.


-p | --port port number

Set the port number of scanned NUT devices (default 3493).


-c | --community community

Set SNMP v1 community name (default = public).


-l | --secLevel security level

Set the security level used for SNMPv3 messages. Allowed values are: noAuthNoPriv, authNoPriv and authPriv. This parameter is mandatory if you use non-trivial authentication.

-u | --secName security name

Set the security name used for authenticated SNMPv3 messages. This parameter is mandatory if you set security level.

-w | --authProtocol authentication protocol

Set the authentication protocol used for authenticated SNMPv3 messages. Allowed values are MD5, SHA, SHA256, SHA384 or SHA512 (depending on Net-SNMP library capabilities; check help of the nut-scanner binary program for the run-time supported list). Default value is MD5.

-W | --authPassword authentication pass phrase

Set the authentication pass phrase used for authenticated SNMPv3 messages. This parameter is mandatory if you set security level to authNoPriv or authPriv.

-x | --privProtocol privacy protocol

Set the privacy protocol used for encrypted SNMPv3 messages. Allowed values are DES, AES, AES192 or AES256 (depending on Net-SNMP library capabilities; check help of the nut-scanner binary program for the run-time supported list). Default value is DES.

-X | --privPassword privacy pass phrase

Set the privacy pass phrase used for encrypted SNMPv3 messages. This parameter is mandatory if you set security level to authPriv.


-b | --username username

Set the username used for authenticating IPMI over LAN connections (mandatory for IPMI over LAN. No default).

-B | --password password

Specify the password to use when authenticating with the remote host (mandatory for IPMI over LAN. No default).

-d | --authType authentication type

Specify the IPMI 1.5 authentication type to use (NONE, STRAIGHT_PASSWORD_KEY, MD2, and MD5) with the remote host (default=MD5). This forces connection through the lan IPMI interface , thus in IPMI 1.5 mode.

-L | --cipher_suite_id cipher suite identifier

Specify the IPMI 2.0 cipher suite ID to use. The Cipher Suite ID identifies a set of authentication, integrity, and confidentiality algorithms to use for IPMI 2.0 communication.

The authentication algorithm identifies the algorithm to use for session setup, the integrity algorithm identifies the algorithm to use for session packet signatures, and the confidentiality algorithm identifies the algorithm to use for payload encryption (default=3).

The following cipher suite ids are currently supported (Authentication; Integrity; Confidentiality):

  • 0: None; None; None

  • 1: HMAC-SHA1; None; None

  • 2: HMAC-SHA1; HMAC-SHA1-96; None

  • 3: HMAC-SHA1; HMAC-SHA1-96; AES-CBC-128

  • 6: HMAC-MD5; None; None

  • 7: HMAC-MD5; HMAC-MD5-128; None

  • 8: HMAC-MD5; HMAC-MD5-128; AES-CBC-128

  • 11: HMAC-MD5; MD5-128; None

  • 12: HMAC-MD5; MD5-128; AES-CBC-128

  • 15: HMAC-SHA256; None; None

  • 16: HMAC-SHA256; HMAC_SHA256_128; None

  • 17: HMAC-SHA256; HMAC_SHA256_128; AES-CBC-128


-V | --version

Display NUT version.

-a | --available

Display available buses that can be scanned, depending on how the nut-scanner binary program has been compiled. (e.g. OLDNUT, USB, SNMP, XML, AVAHI, IPMI).

-q | --quiet

Display only scan result. No information on currently scanned bus is displayed.

-D | --nut_debug_level

Raise the debugging level. Use this multiple times to see more details.

The level of debugging needed depends both on nut-scanner and the problem you’re trying to diagnose. Therefore, first explain the problem you have with nut-scanner to a developer/maintainer, before sending them debugging output. More often than not, if you just pick a level, the output may be either too limited or too verbose to be of any use.


To scan USB devices only:

:; nut-scanner -U

        driver = "snmp-ups"
        port = ""

To scan SNMP v1 device with public community on address range to

:; nut-scanner -S -s -e

        driver = "snmp-ups"
        port = ""

The same using CIDR notation:

:; nut-scanner -S -m

        driver = "snmp-ups"
        port = ""

To scan NUT servers with a timeout of 10 seconds on IP range to using CIDR notation:

:; nut-scanner -O -t 10 -m

        driver = "dummy-ups"
        port = "dummy-test@"

To scan for power supplies, through IPMI (1.5 mode) over the network, on address range to using CIDR notation:

:; nut-scanner -I -m -b username -B password

To scan for Eaton serial devices on ports 0 and 1 (/dev/ttyS0, /dev/ttyUSB0, /dev/ttyS1 and /dev/ttyUSB1 on Linux):

:; nut-scanner --eaton_serial 0-1

To scan for Eaton serial devices on ports 1 and 2 (COM1 and COM2 on Windows):

:; nut-scanner --eaton_serial 1-2


Internet resources:

The NUT (Network UPS Tools) home page: