2

I am trying to find a reliable way to view all of the host/machine names on a local network, so for instance "Jim's Ipad" or "Austi's IMac". At the moment the only way I can do it is by looking through the DHCP request logs, which usually show the names, although I was wondering if there was a way to simply list all of the names on a network at once? I've tried nmap -sP 192.168.1.*, which only seemed to give the manufacturer of the machines instead of the actual machine/domain name:

MAC Address: 00:1D:BA:40:14:31 (Sony)
Host 192.168.1.109 is up (0.00073s latency).
MAC Address: 00:50:94:C8:1C:02 (Pace Micro Technology PLC)
Host 192.168.1.111 is up (0.00011s latency).
MAC Address: 00:24:8C:EA:F0:7D (Asustek Computer)
Host 192.168.1.112 is up (0.0054s latency).
MAC Address: 00:18:71:5C:D2:BA (Hewlett Packard)
Host 192.168.1.117 is up (0.0049s latency).

I've also tried nmap -sL 192.168.1.*, which does not seem to work at all; it just lists all of the IPs and says they are not scanned, with no additional information or anything of the sort. I am running these commands from a Debian server that is acting as a router/gateway for the network. Any help would be much appreciated, thanks!

lacrosse1991
  • 1,437
  • 5
  • 20
  • 26
  • Do you control the DNS server? – Sirex Feb 17 '13 at 22:07
  • Yes, I have a BIND server running that the rest of the computers in the network use as a DNS caching server – lacrosse1991 Feb 17 '13 at 22:13
  • I'm not posting this as an answer as I don't know for a fact that it'll work (or even a good idea!). But you could do a DNS zone transfer to your workstation? – Sirex Feb 17 '13 at 22:49

3 Answers

4

If you aren't running dynamic DNS or if all of your machines don't have a DNS entry, your DHCP database is probably as good a list as you are going to get. Nmap will not resolve hostnames without reverse DNS, AFAIK. Other scanners, like Angry IP Scanner, might pick up the Windows/CIFS hostnames with NetBIOS queries.

Jindy
  • 56
  • 1
0

For a quick NetBIOS scan on the network, just use nbtscan with nbtscan 192.168.1.0/24. This only works if you have only NetBIOS-enabled devices (usually Windows) on your network.

For paranoid (but somewhat slower) host discovery you can do an advanced (-A) nmap scan to all ports (-p-) of your network's nodes with nmap -p- -PN -A 192.168.1.0/24

If you control the router you can also inspect the ARP tables, which is the surest way for discovery to get a list of active nodes on your network.

blau
  • 738
  • 4
  • 9
0

You can use dnsmasq as a caching DNS server instead of BIND. It also has a built-in DHCP server. When dnsmasq grants the lease, it stores the hostname, so you are able to look it up with host or nslookup. To retrieve the full list of hosts, just cat /var/lib/dnsmasq/dnsmasq.leases. It shows all current IP address leases and hostnames.

gevial
  • 1,324
  • 9
  • 13
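
The two data sources suggested in the answers above, the router's ARP table and the dnsmasq lease file, can be joined into one inventory that also flags devices answering on the wire without a lease or without a hostname. This is an added example, not code from any of the posters; it assumes the usual "ip neigh show" output and dnsmasq's five-field lease lines (expiry, MAC, IP, hostname, client ID), and the sample data is constructed.

```python
import ipaddress

# Constructed sample input (assumed formats: dnsmasq lease file, `ip neigh show`).
SAMPLE_LEASES = """\
1361140000 02:00:00:00:00:01 192.168.1.109 jims-ipad 01:02:00:00:00:00:01
1361143600 02:00:00:00:00:02 192.168.1.111 * *
duid 00:01:00:01:18:aa:bb:cc:02:00:00:00:00:ff
1361147200 12345 fd00::10 v6-host 00:01:00:01:18:aa:bb:cc:02:00:00:00:00:03
"""
SAMPLE_NEIGH = """\
192.168.1.109 dev eth1 lladdr 02:00:00:00:00:01 REACHABLE
192.168.1.111 dev eth1 lladdr 02:00:00:00:00:02 STALE
192.168.1.117 dev eth1 lladdr 02:00:00:00:00:09 REACHABLE
192.168.1.120 dev eth1  FAILED
"""

def is_ipv4(s):
    try:
        return ipaddress.ip_address(s).version == 4
    except ValueError:
        return False

def parse_leases(text):
    """MAC -> (ip, hostname or None); skips the 'duid' line and DHCPv6 leases."""
    rows = (line.split() for line in text.splitlines())
    return {f[1].lower(): (f[2], None if f[3] == "*" else f[3])
            for f in rows if len(f) >= 4 and is_ipv4(f[2])}

def parse_neigh(text):
    """IPv4 -> MAC for neighbours with a resolved link-layer address."""
    rows = (line.split() for line in text.splitlines())
    return {f[0]: f[f.index("lladdr") + 1].lower()
            for f in rows if f and is_ipv4(f[0]) and "lladdr" in f[:-1]}

def inventory(leases_text, neigh_text):
    """(ip, mac, hostname, note) for every neighbour, sorted by address."""
    leases, neigh, rows = parse_leases(leases_text), parse_neigh(neigh_text), []
    for ip in sorted(neigh, key=ipaddress.ip_address):
        lease_ip, name = leases.get(neigh[ip], (None, None))
        note = "ok" if name else "lease without hostname"
        if lease_ip != ip:
            note = "no lease for this address: static or unknown device"
        rows.append((ip, neigh[ip], name, note))
    return rows

if __name__ == "__main__":
    for ip, mac, name, note in inventory(SAMPLE_LEASES, SAMPLE_NEIGH):
        print(f"{ip:15} {mac:17} {name or '-':12} {note}")
```

On the gateway itself, pass the contents of the lease file and the output of ip neigh show to inventory() in place of the sample strings.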