Petition update: Encourage Apple to resume firmware updates for Airport Express (security, environment)
How Can I Scan My Network for AirPlay Devices?
Gary Longsine, Missoula, MT, United States
5 May 2025

Executive Summary

These steps are for a Mac, and assume that you're comfortable with the UNIX command line available in the macOS app, Terminal.

  1. Install Homebrew (a package manager)
  2. Use Homebrew to install the open source scanner utility nmap 
  3. Scan your network for devices listening on port 7000 

Optional…

If you want a graphical interface for driving nmap, you can also install zenmap.


Supporting Discussions and Details

By convention AirPlay listens on port 7000, so we'll use the open source utility nmap to scan for devices listening on that port.

The service will tell nmap a version string, something like: AirTunes 850.19.1.

By the way, devices reporting that AirPlay SDK version number (AirTunes 850.19.1) or later are patched against AirBorne exploits; devices reporting numbers lower than that need a firmware update.

If you find devices with an older AirPlay version, seek firmware updates from your device vendor.

If you're not already using Homebrew to manage packages, that's a handy place to start.

Instructions for installing Homebrew on macOS

Here's a relevant and helpful article which discusses how to use nmap to scan for version information about services listening on ports.

nmap - service and version detection 

Next up, a few helpful magic incantations for using nmap to scan for devices listening on port 7000.

Replace the placeholder with your own device address or network address.

% sudo nmap -sV -p 7000 -T4 <device-ip-address-or-network-name>

Something like this…

% sudo nmap -sV -p 7000 -T4 mydevice.local

or…


% sudo nmap -sV -p 7000 -T4 192.168.0.0/24

The /24 tells nmap to scan a whole network address range, using a convention called CIDR, Classless Inter-Domain Routing (Wikipedia link for anyone who wants details on network addressing).

Most home networks are defined as a /24 network with 256 addresses. 

You'll get a block of data back for each device you scan that has a service listening on port 7000.

Look for the string "AirTunes".

You can filter down to relevant data by piping to grep, like this…

% sudo nmap -sV -p 7000 -T4 kitchen.local | grep AirTunes

And the data you get back looks like this.

SF:0AirTunes/850\.19\.1\r\nX-Apple-ProcessingTime:\x203\r\nX-Apple-Request
SF:20404\x20Not\x20Found\r\nContent-Length:\x200\r\nServer:\x20AirTunes/85
SF:OST,\x20GET,\x20PUT\r\nServer:\x20AirTunes/850\.19\.1\r\nX-Apple-Proces
SF:t-Length:\x200\r\nServer:\x20AirTunes/850\.19\.1\r\nX-Apple-ProcessingT
SF:20AirTunes/850\.19\.1\r\nCSeq:\x2042\x20OPTIONS\r\nX-Apple-ProcessingTi
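
Grepping shows the version string but leaves the comparison against 850.19.1 to you, and nmap wraps its fingerprint text, so a version can be split across two SF: lines. The script below is an added example, not part of the original post: it rejoins the wrapped lines from full (un-grepped) nmap output and marks each host as patched or needing an update. It assumes the version appears in the AirTunes/x.y.z fingerprint form shown above; the host names, addresses and the older version in the sample are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): report each scanned host's
# AirTunes version and whether it is older than the baseline the post cites.
PATCHED="850.19.1"

# Reads normal `nmap -sV -p 7000` output on stdin, prints "host version status".
airtunes_report() {
  awk -v min="$PATCHED" '
    # 1 if dotted version a is numerically lower than b, compared field by field
    function older(a, b,   x, y, n, m, i) {
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= (n > m ? n : m); i++) {
        if (x[i] + 0 < y[i] + 0) return 1
        if (x[i] + 0 > y[i] + 0) return 0
      }
      return 0
    }
    function emit(   v) {
      gsub(/\\\./, ".", buf)                 # fingerprint text escapes dots as \.
      if (host != "" && match(buf, /AirTunes\/[0-9]+(\.[0-9]+)+/)) {
        v = substr(buf, RSTART + 9, RLENGTH - 9)
        print host, v, (older(v, min) ? "NEEDS-UPDATE" : "patched")
      }
      buf = ""
    }
    /^Nmap scan report for / { emit(); host = $5; next }
    /^SF:/ { buf = buf substr($0, 4); next } # rejoin wrapped fingerprint lines
    { buf = buf " " $0 }
    END { emit() }
  '
}

# Constructed sample scan output (hosts and the older version are made up).
sample_scan() {
  cat <<'EOF'
Nmap scan report for kitchen.local (192.168.0.23)
7000/tcp open  rtsp?
SF-Port7000-TCP:V=0%r(RTSPRequest,40,"RTSP/1\.0\x20200\x20OK\r\nServer:\x20AirTu
SF:nes/850\.19\.1\r\nX-Apple-ProcessingTime:\x203\r\n");
Nmap scan report for 192.168.0.40
7000/tcp open  rtsp?
SF-Port7000-TCP:V=0%r(GetRequest,30,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:
SF:\x20AirTunes/377\.25\.6\r\nContent-Length:\x200\r\n");
EOF
}

sample_scan | airtunes_report
```

To use it on a real scan, pipe the un-grepped nmap output into airtunes_report in place of sample_scan. The comparison is numeric per field, so a version such as 850.9.0 is correctly treated as older than 850.19.1.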

Have fun using nmap to scan for AirPlay devices on your network!  
