2

I am using Linux. How do you normally go about finding machines on the local network?

Fragsworth
  • (2) Before you do any sort of scanning, ensure you have proper authorization first. In most organizations this is a fireable offense. – K. Brian Kelley Oct 08 '09 at 02:26
  • (6) Fireable? Really? Do you work for the NSA? Reprimandable, definitely. Disciplinable, maybe. But fireable? Must be the BOFH... – Mark Henderson Oct 08 '09 at 02:32
  • yeah, fireable? Never heard of such a thing being a termination offense – warren Oct 08 '09 at 08:12
  • It's arguable whether it's fireable AT ALL, in ANY context. There are many legitimate reasons for portscanning, even on public networks. Not that I'm advocating that, but don't think it's a black and white issue. – Lee B Oct 08 '09 at 09:15
  • (4) Can we please try to remember that what is and is not possible in the sense of fireable is location dependent. Just because it can't happen where I am doesn't mean it can't happen elsewhere. I would also assume we are talking about someone who hasn't been authorised to perform a scan. – John Gardeniers Oct 08 '09 at 10:59
  • (2) http://en.wikipedia.org/wiki/Randal_L._Schwartz – Joe Casadonte Oct 08 '09 at 12:37
  • Oh come on now... Randal did a little more than just scan the local network. That being said, I've met Randal in person and he's a great guy. – KPWINC Oct 08 '09 at 23:43
  • (1) https://superuser.com/questions/261818/how-can-i-list-all-ips-in-the-connected-network-through-terminal-preferablyc – Ciro Santilli OurBigBook.com Nov 30 '15 at 11:32

8 Answers

9

Sure, install nmap and then run:

nmap -sP 192.168.0.1-254

Of course you'll need to replace the IP range with the appropriate values for your network.

EEAA
5

I think the right approach would be to inspect the LAN at a level lower than IP, so ARP scanning is a better choice.

See my answer to this duplicate question, I suggested nast -m.

drAlberT
2

Many methods are possible. I would start with an nmap scan.

Sven
2

Use arpwatch; it lets you find other machines without scanning the network.

dmityugov
1

As an alternative to scanning your network, if you have access to the switch or router you can check the router directly for its ARP table, which should list all connected machines and their MAC addresses. If you're just looking to map your network and see what's online, this may be a better/easier solution.

If you have a decent router/switch, you may also be able to grab this info over SNMP rather than logging into the equipment directly, which has its own set of advantages when it comes to regularly mapping your network.

epic9x
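The ARP-table idea from the answers above can also be applied to the Linux host itself, whose neighbour cache is exposed in /proc/net/arp. This is an added example, not code from any answer; parse_arp, shared_macs, load and the sample table are constructed for illustration. The cache only lists hosts this machine has recently exchanged traffic with.

```python
from collections import defaultdict

ATF_COM = 0x02  # kernel flag: entry is complete, the neighbour answered ARP

# Constructed sample in the layout of Linux /proc/net/arp (not real hosts).
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.1      0x1         0x2         52:54:00:aa:bb:01     *        eth0
192.168.0.17     0x1         0x2         52:54:00:aa:bb:17     *        eth0
192.168.0.23     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.0.40     0x1         0x2         52:54:00:AA:BB:17     *        eth0
"""

def parse_arp(text):
    """Return (ip, mac, device) for every completed neighbour entry."""
    hosts = []
    for line in text.splitlines()[1:]:          # first line is the header
        fields = line.split()
        if len(fields) != 6:
            continue                            # skip malformed rows
        ip, _hwtype, flags, mac, _mask, dev = fields
        if int(flags, 16) & ATF_COM:            # 0x0 = no reply yet, drop it
            hosts.append((ip, mac.lower(), dev))
    return hosts

def shared_macs(hosts):
    """MACs answering for several IPs: multi-homed host, proxy ARP or spoofing."""
    by_mac = defaultdict(list)
    for ip, mac, _dev in hosts:
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}

def load(path="/proc/net/arp"):
    """Read the live table, falling back to the constructed sample."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return SAMPLE

if __name__ == "__main__":
    hosts = parse_arp(load())
    for ip, mac, dev in hosts:
        print("%-15s %s %s" % (ip, mac, dev))
    for mac, ips in shared_macs(hosts).items():
        print("note: %s is claimed by %s" % (mac, ", ".join(ips)))
```
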
1

I agree that nmap and arpwatch are good tools; you can also use fping.
Here I complete an existing Python script from bortzmeyer that does the job for you. The script is very fast, but first you have to install the ipcalc module and psyco.


    import subprocess, sys, re
    from threading import Thread
    import ipcalc

    class ping(Thread):
        def __init__(self, ip, version):
            Thread.__init__(self)
            self.ip = ip
            self.version = version
            self.tab = ("No response", "Partial Response", "Alive")

        def run(self):
            try:
                if self.version == 4: cmd = "ping"
                elif self.version == 6: cmd = "ping6"
                # Argument list, no shell: the address is never parsed as shell syntax
                req = subprocess.Popen([cmd, "-c2", "-q", self.ip],
                                       stdout=subprocess.PIPE, universal_newlines=True)
                for reponse in req.stdout:
                    # The summary line reads "... N received ..." with N in 0..2
                    stat = re.findall(r"(\d) received", reponse)
                    if stat:
                        print("Status %s %s" % (self.ip, self.tab[int(stat[0])]))
                req.wait()
            except Exception:
                sys.stderr.write("Error in ping.\n")

    if __name__ == '__main__':
        try:
            import psyco  # optional speed-up; only exists for Python 2
            psyco.full()
        except ImportError:
            pass
        if len(sys.argv) < 2:
            sys.exit("usage: %s <address | network/prefix>" % sys.argv[0])
        address = sys.argv[1]
        if address.find('/') > 0:
            net = ipcalc.Network(address)
        else:
            net = [address]
        for ip in net:
            p = ping(str(ip), 4)
            p.start()

Ali Mezgani
1

A nice graphical tool is Auto Scan network (http://autoscan-network.com/). It shows open ports too. For Windows, I'd suggest Look@lan, which does the same thing.

0

I use (will be available for download when it's ready) a tool that I wrote which handles both DNS/DHCP administration and SNMP walks of the switches. If something isn't in DHCP, I at least get a MAC address from the switch, but we've made a policy decision to put everything in DHCP, even if the machines themselves are statically IPed, just to aid in tracking address space.

If you're talking about finding something that perhaps you didn't put there, I'd agree with nmap. Or, if you're worried about legal/political issues, just a script that wraps ping...

Jason Antman