
I’m starting to administer a small but confusing and badly documented local heterogeneous network (mostly Windows workstations, printers, laboratory equipment, etc., and one Linux/Samba server) (192.168.1.0/24) stretching over a few hundred m² of office and factory area on two floors. In principle I have access to all the passwords and rooms. In practice some of the offices are locked, the owners are out, and there might be some hidden devices which somebody who is not reachable for me has connected to the LAN, or which were plugged in and forgotten altogether.

When configuring printers (we have quite a lot of them) I sometimes get a collision warning. Most devices get their IPs via DHCP, but not all of them. Some of the devices use firewalls which block ports and/or do not answer pings for other reasons.

I want to scan the network for used IPs - manually for now, later perhaps a few times automatically, to also catch fixed-IP devices which were switched off during the first scan.

What is the best method to perform such a scan, and what tool should I use? As the budget is limited and this task probably does not need to be done on a regular basis, I would prefer a free open source solution.

drAlberT
esc1729
  • Which OS do you want to scan from? – John Gardeniers Sep 08 '09 at 08:11
  • Today I'd favour scanning from a Windows XP notebook, as the Linux server is not configured to my liking for now. In the long run I prefer to work from the Bash command line. – esc1729 Sep 08 '09 at 08:45
  • nmap/Zenmap on Windows (nmap -PR 192.168.1.0/24) did the job for now. Thank you everybody for your help. I’m sorry I can only select one answer as accepted, as I definitely will use some of the other software you recommended too. – esc1729 Sep 08 '09 at 09:57
  • Happy to have been useful :) – drAlberT Sep 08 '09 at 10:19
  • related (with links to a lot of duplicate questions): [How can I list all IPs in the connected network, through Terminal preferably?](http://superuser.com/q/261818/210781) – Alexander Malakhov Oct 22 '16 at 09:23

3 Answers


nmap - the tool of the devil.

To utilize nmap for ping sweeps use:

nmap -sP 192.168.1.1-255
  • note that nmap now provides a graphical frontend called zenmap
  • nmap guide book

Angry IP Scanner - graphical tool of the devil

  • Very self-explanatory
David Rickman
  • As I wrote in my question, not all the devices answer on pings. I've already checked Angry IP Scanner in my own office. Some of our PCs are not recognized by Angry IP Scanner, probably because of the firewall settings. – esc1729 Sep 08 '09 at 07:03
  • Is your network comprised mostly of Windows machines? You could nmap -p135-139 -P0 192.168.1.1-255, which probes all machines for open ports 135-139 and doesn't ping the machine first. It might take a while though. Of course the tool @AlberT recommended might fit your needs better. – David Rickman Sep 08 '09 at 07:20
  • The situation is quite complicated and I don't want to go into detail. There are a lot of Windows workstations, at least one Linux server, perhaps a few more Linux notebooks which I do not know of for now, a lot of printers, at least one high-end switch, some laboratory equipment, a telephone system, etc. This network is used simultaneously by two different organisations which are just in the process of separating their IT infrastructure. – esc1729 Sep 08 '09 at 08:13
  • Well, hopefully one of us provided a good answer. It, unfortunately, looks like there will probably be a lot of manual labor in your future. Good luck and godspeed. – David Rickman Sep 08 '09 at 08:52
  • Take a look at nast.

    nast -m

    probes all hosts on your network using the ARP protocol, so it is quite accurate and firewall-aware.

    It is free, OSS and very powerful.

    Using ARP requests you can probe every kind of network device (unless it is explicitly configured to be stealthy to this, of course, but then we are talking about a deliberately hidden system). ARP works below the IP level, so it is quite accurate. Of course it only works on a physical network segment; it can't traverse routers (unless an ARP proxy is configured, of course).

  • To monitor devices on your network you can instead take a look at ARPwatch; running it as a daemon makes it possible to continuously monitor your LAN and catch IP changes, flip-flops, new devices being attached, and so on.

drAlberT

You might like to check out arp-scan and arping - in combination with nmap, these may yield good results on machines that are not responding to ICMP ping.

Zanchey