How to find all the used IP addresses on a network

In my work there is a lot of computer and I want make a joke. I can close computer over the network but finding IP addresses is hard to me.

How can I easily find all online IP adresses from 192.168.1.aa to 192.168.1.zz?

3

5 Answers

Generally, nmap is quite useful to quickly scan networks.

To install nmap, enter the following command in the terminal:

sudo apt-get install nmap

Once the application is installed, enter the following command:

nmap -sn 192.168.1.0/24

This will show you which hosts responded to ping requests on the network between 192.168.1.0 and 192.168.1.255.

---

For older versions of Nmap, use -sP:

nmap -sP 192.168.1.0/24

---

For additional references, see the following pages:

NMAP Installation Guide

NMAP Reference Guide

It is a very useful tool to learn.

7

If all the computers in your network are Ubuntu or any other distribution that makes use of avahi-daemon (DNS-SD), you can get a detailed list of them (with hostname and IP address) by doing:

avahi-browse -rt _workstation._tcp

If you want to know all the IP addresses used in your network, you can use arp-scan:

sudo arp-scan 192.168.1.0/24

As it is not installed by default, you'll have to install it with sudo apt-get install arp-scan. arp-scan send ARP packets to the local network and displays the responses received, so it shows even firewalled hosts (that block traffic based on IP packets).

5

Note to the reader: Original answer has been posted a while ago and at the time of when I was only learning shell scripting. See the revisited version below for a new and improved script that performs much faster.

Original Answer

nmap would be my #1 choice, but what if you don't have it ? The DIY way would be with a ping script that goes through each possible ip address on the network manually. What we have here is just while loop, where we set last number in the address, make silent single ping to the address, check if the command succeed or not (and if it did succeed,then host is obviously up ), and printf statement. Quick and dirty way, took me about 10 mins to write it, but runtime might be a bit slow,though.

#!/bin/sh
# set -x
NUM=1
while [ $NUM -lt 256 ];do ping -q -c 1 192.168.0.$NUM > /dev/null RESULT=$(echo $?) if [ $RESULT -eq 0 ]; then printf 192.168.0.$NUM"\n" fi NUM=$(expr $NUM + 1)
done

Revisited Answer

I originally posted this answer in August of 2015. Since then I've learned a bit more about shell scripting, and I once I saw this script, I thought it would be a good idea to revisit this answer to add a few improvements. Here's a few ideas:

• The script is obviously slow and ping waits for response from the host. By default, ping for two RTT, which can vary depending on how congested is your network , and as far as I understand TCP protocol doubles the wait time each time(at least according to this). So we could force ping to time out with -w 1 flag. Since we have 256 addresses and we assume 1 second for each address, the script will take about 256/60 = 4.27 minutes.

• Doing a command and then capturing its exit status with $? wasn't really necessary. The if ... then;...fi can operate on commands directly. In other words, it's sufficient to do this:

  if ping -w 1 -q -c 1 192.168.0.$NUM > /dev/null ;
  then <some other code here>
  fi

• The printf command can be rewritten as so:

  printf "IP %s is up\n" 192.168.0."$NUM"

  This is more of a stylistic change, but it's consistent with how printf works and looks like in a lot of other languages, with quoting "$NUM" variable. Quoting here isn't necessary - since we're dealing with numbers only, we don't need to anticipate word-splitting due to having spaces in a variable.

• Much better performance improvement can be achieved if we spawn several background processes. The script edit below does exactly that. I put the ping and printf into a function, pingf (yes, corny name, I know). Now, there's also one single main function which does the looping and calling of pingf.

#!/bin/sh
# Uncomment for debugging
#set -x
pingf(){ if ping -w 2 -q -c 1 192.168.0."$1" > /dev/null ; then printf "IP %s is up\n" 192.168.0."$1" fi
}
main(){ NUM=1 while [ $NUM -lt 255 ];do pingf "$NUM" & NUM=$(expr "$NUM" + 1) done wait
}
main

How much better does that work ? Not bad, actually, takes a matter of seconds.

$ time ./ping_script.sh
IP 192.168.0.1 is up
IP 192.168.0.101 is up
IP 192.168.0.27 is up
IP 192.168.0.29 is up 0m02.50s real 0m00.01s user 0m00.12s system

Things to Keep in Mind

• Windows ( starting since Windows 7 , I think ) have started blocking response to ICMP echo requests. There's quite a few questions about that on Ask Ubuntu and other sites of the sort "Hey, my Linux computer can be pinged, but not Windows ones, what's up with that ?" Just be aware of the fact that for newer Windows versions you do need to enable response to ICMP echo.

2

Netdiscover can be your answer.

To install via terminal:

sudo apt-get install netdiscover

example usage :

sudo netdiscover -r 192.168.1.0/24 -i wlan0

An IP with MAC Addreses will show on your terminal. See the screenshot

hope help you

reference

2

fping is a great tool to scan multiple hosts on a network via ICMP. If not installed, you can install it by:

sudo apt-get install fping

fping sends ICMP ECHO_REQUEST packets and mark a host as Up if it gets ECHO_RESPONSE from the host.

For example, to scan the hosts of subnet 192.168.1.0/24, you can do:

fping -g 192.168.1.0/24

For a specific number of hosts e.g. from 192.168.1.15 to 192.168.1.140:

fping -g 192.168.1.15 192.168.1.140

fping is highly configurable e.g. how many packets will be sent, the time to wait for response, output format etc.

Check man fping to get more idea.

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy