In my work there are a lot of computers and I want to make a joke. I can shut down computers over the network, but finding IP addresses is hard for me.
How can I easily find all online IP addresses from 192.168.1.aa to 192.168.1.zz?
Generally, nmap is quite useful to quickly scan networks.
To install nmap, enter the following command in the terminal:
sudo apt-get install nmap
Once the application is installed, enter the following command:
nmap -sn 192.168.1.0/24
This will show you which hosts responded to ping requests on the network between 192.168.1.0 and 192.168.1.255.
For older versions of Nmap, use -sP:
nmap -sP 192.168.1.0/24
It is a very useful tool to learn.
If all the computers in your network are Ubuntu or any other distribution that makes use of avahi-daemon (DNS-SD), you can get a detailed list of them (with hostname and IP address) by doing:
avahi-browse -rt _workstation._tcp
If you want to know all the IP addresses used in your network, you can use arp-scan:
sudo arp-scan 192.168.1.0/24
As it is not installed by default, you'll have to install it with sudo apt-get install arp-scan. arp-scan sends ARP packets to the local network and displays the responses received, so it shows even firewalled hosts (that block traffic based on IP packets).
Note to the reader: The original answer was posted a while ago, at a time when I was only learning shell scripting. See the revisited version below for a new and improved script that performs much faster.
nmap would be my #1 choice, but what if you don't have it? The DIY way would be a ping script that goes through each possible IP address on the network manually. What we have here is just a while loop, where we set the last number in the address, make a silent single ping to the address, check whether the command succeeded or not (and if it did succeed, then the host is obviously up), and a printf statement. Quick and dirty way, took me about 10 mins to write it, but runtime might be a bit slow, though.
#!/bin/sh
# set -x
NUM=1
while [ $NUM -lt 256 ];do
ping -q -c 1 192.168.0.$NUM > /dev/null
RESULT=$(echo $?)
if [ $RESULT -eq 0 ]; then
printf 192.168.0.$NUM"\n"
fi
NUM=$(expr $NUM + 1)
done
I originally posted this answer in August of 2015. Since then I've learned a bit more about shell scripting, and once I saw this script, I thought it would be a good idea to revisit this answer and add a few improvements. Here are a few ideas:
The script is obviously slow, and ping waits for a response from the host. By default, ping waits for two RTTs, which can vary depending on how congested your network is, and as far as I understand the TCP protocol doubles the wait time each time (at least according to this). So we could force ping to time out with the -w 1 flag. Since we have 256 addresses and we assume 1 second for each address, the script will take about 256/60 = 4.27 minutes.
Doing a command and then capturing its exit status with $? wasn't really necessary. The if ... then; ... fi can operate on commands directly. In other words, it's sufficient to do this:
if ping -w 1 -q -c 1 192.168.0.$NUM > /dev/null ;
then
<some other code here>
fi
The printf command can be rewritten as so:
printf "IP %s is up\n" 192.168.0."$NUM"
This is more of a stylistic change, but it's consistent with how printf works and looks in a lot of other languages, with quoting of the "$NUM" variable. Quoting here isn't necessary, since we're dealing with numbers only, so we don't need to anticipate word-splitting due to spaces in a variable.
A much better performance improvement can be achieved if we spawn several background processes. The script edit below does exactly that. I put the ping and printf into a function, pingf (yes, corny name, I know). Now there's also one single main function which does the looping and calling of pingf.
#!/bin/sh
# Uncomment for debugging
#set -x
pingf(){
if ping -w 2 -q -c 1 192.168.0."$1" > /dev/null ;
then
printf "IP %s is up\n" 192.168.0."$1"
fi
}
main(){
NUM=1
while [ $NUM -lt 255 ];do
pingf "$NUM" &
NUM=$(expr "$NUM" + 1)
done
wait
}
main
How much better does that work? Not bad, actually; it takes a matter of seconds.
$ time ./ping_script.sh
IP 192.168.0.1 is up
IP 192.168.0.101 is up
IP 192.168.0.27 is up
IP 192.168.0.29 is up
0m02.50s real 0m00.01s user 0m00.12s system
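As an added example that is not part of the answer above, here is the same parallel sweep written as a reusable POSIX sh function. The names sweep, probe_host and count_up are my own; the probe command is pluggable so the scanning logic can be exercised without a network, and ping -c 1 -w 1 -q is assumed to behave as Linux iputils ping does (one packet, one-second deadline, quiet).

```shell
#!/bin/sh
# Added example, not code from the answer above: parallel ICMP sweep of a /24
# with a pluggable probe command (names sweep/probe_host/count_up are my own).

# probe_host ADDR: exit 0 if ADDR answered one echo request within one second.
# -c 1 one packet, -w 1 one-second deadline, -q quiet (Linux iputils ping options).
probe_host() {
    ping -c 1 -w 1 -q "$1" >/dev/null 2>&1
}

# sweep PREFIX [PROBE]
#   PREFIX: first three octets, e.g. 192.168.0
#   PROBE:  command or function used to test one address (default: probe_host)
# Prints the addresses that answered, one per line, sorted by last octet.
sweep() {
    prefix=$1
    probe=${2:-probe_host}
    # Every probe runs as a background subshell; the command substitution
    # captures each child's stdout and `wait` returns once all 254 are done.
    found=$(
        n=1
        while [ "$n" -le 254 ]; do
            ( "$probe" "$prefix.$n" && printf '%s\n' "$prefix.$n" ) &
            n=$((n + 1))
        done
        wait
    )
    # Children finish in arbitrary order, so sort numerically on the 4th octet
    # and drop the empty line that an empty result produces.
    printf '%s\n' "$found" | sort -t. -k4,4n | sed '/^$/d'
}

# count_up PREFIX [PROBE]: number of responding addresses.
count_up() {
    sweep "$1" "$2" | wc -l | tr -d ' '
}

# Usage: ./sweep.sh 192.168.0
if [ -n "$1" ]; then
    sweep "$1"
fi
```

Because each probe is its own background subshell, the total runtime is roughly one ping deadline rather than 254 of them, which is the same effect the revisited script above gets from pingf "$NUM" &; the sort step only matters because the children report back in whatever order they finish.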
fping is a great tool to scan multiple hosts on a network via ICMP. If not installed, you can install it by:
sudo apt-get install fping
fping sends ICMP ECHO_REQUEST packets and marks a host as Up if it gets an ECHO_RESPONSE from the host.
For example, to scan the hosts of subnet 192.168.1.0/24, you can do:
fping -g 192.168.1.0/24
For a specific number of hosts e.g. from 192.168.1.15 to 192.168.1.140:
fping -g 192.168.1.15 192.168.1.140
fping is highly configurable, e.g. how many packets will be sent, the time to wait for a response, output format etc.
Check man fping for more details.
This works for my purposes. Run on the server/hotspot:
#!/bin/bash
# creates two files and cross references them to get
# currently valid neighborhood ip addresses
echo
echo "Currently assigned ip addresses:"
echo
# this lists the neighborhood ip and mac addresses
ip -r neigh > neighborhood.tmp
# replace wlan0 with whatever interface you want to look at.
iw dev wlan0 station dump | grep Station > stations.tmp
# a loop to cross reference the two files
# station lines look like: Station aa:bb:cc:dd:ee:ff (on wlan0)
# neighbor lines look like: 192.168.1.5 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
while read -r station; do
    mac=$(echo "$station" | awk '{print $2}')
    while read -r neighbor; do
        testmac=$(echo "$neighbor" | awk '{print $5}')
        if [ "$testmac" = "$mac" ]; then
            echo -e "\t$(echo "$neighbor" | awk '{print $1}')"
        fi
    done < neighborhood.tmp
done < stations.tmp
rm neighborhood.tmp stations.tmp
echo
Your mileage may vary.
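As an added example, not the answer's own script: the same cross-reference done in a single awk pass with an associative array, so the neighbour table is read once rather than once per station. The function name wifi_clients is my own; it assumes the usual Linux output formats of iw dev <iface> station dump (lines starting with "Station <mac>") and ip neigh show ("<ip> dev <iface> lladdr <mac> <state>"), and skips neighbour entries that have no lladdr (FAILED or INCOMPLETE).

```shell
#!/bin/sh
# Added example (not the answer's script): correlate associated Wi-Fi stations
# with the kernel neighbour table in one awk pass. Name wifi_clients is my own.

# wifi_clients STATION_DUMP NEIGH_TABLE
#   STATION_DUMP: saved output of `iw dev <iface> station dump`
#   NEIGH_TABLE:  saved output of `ip neigh show`
# Prints "IP MAC STATE" for every associated station that has a neighbour entry,
# sorted by the last octet of the IP.
wifi_clients() {
    awk '
        # First file: remember the MAC of every associated station.
        # Only the "Station <mac> (on <iface>)" header lines carry a MAC;
        # the indented per-station statistics lines are ignored.
        FILENAME == ARGV[1] {
            if ($1 == "Station") want[tolower($2)] = 1
            next
        }
        # Second file: neighbour entries such as
        #   192.168.1.5 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
        # Entries without lladdr (FAILED/INCOMPLETE) have no MAC to match on.
        $4 == "lladdr" && (tolower($5) in want) {
            print $1, tolower($5), $NF
        }
    ' "$1" "$2" | sort -t. -k4,4n
}

# Live usage (assumes wlan0; iw may need root on some systems):
#   iw dev wlan0 station dump > stations.tmp
#   ip neigh show > neighbours.tmp
#   wifi_clients stations.tmp neighbours.tmp
if [ "$#" -eq 2 ]; then
    wifi_clients "$1" "$2"
fi
```

The neighbour state is printed alongside the address because a STALE or DELAY entry means the kernel has not heard from that MAC recently; the station may still be associated, but the IP shown is only as fresh as the ARP cache.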
This works for my purposes.
#!/bin/bash
# Ex : save as ~/bin/netscan.sh ; chmod +x ~/bin/netscan.sh ; ~/bin/netscan.sh 192.168.1
# cat /sys/class/net/*/address ; cat /sys/class/net/$(ip route show default | awk '/default/ {print $5}')/address
# ping every address of ${1}.1-254 in parallel and keep only the reply lines
scannet() { for IP in "${1}."{1..254}; do ping -c1 "$IP" | grep "64 bytes" & done; wait ;}
# wait for receive or time - sleep 6; : ; sleep 1
scan () { Devices=$(scannet "${1}" 2>/dev/null); echo "$Devices"; echo "# Done" ;}
if [[ $1 = '' ]]; then
    output=$(ip route list exact default)
    ip route show default
    echo "$output"
    # "default via <gateway> dev <iface> proto dhcp src <address> metric N"
    # the last variable receives the rest of the line
    read null null default null dev null <<< "$output"
    # keep what follows "src " and cut at the next space
    srcvalue=${null##*src } srcvalue=${srcvalue%% *}
    value=${default%.*}
    echo "default = $default $dev $srcvalue"
    echo "### Ex : netscan.sh $value ; netscan.sh 192.168.1 -"'[${1}].{1..254}'
    echo "### ip route list exact default"
    echo "### ip -resolve show"
    echo "### ip -resolve neighb show {IP}"
    echo "### sudo nmap -O $default ###"
    echo "# Wait - ping -c1 ${value}"'.{1..254} :'
    scan "${value}"
    PresentIP=$(ip neighb show | grep "lladdr")
    echo "# ip neighb show :"
    echo "$PresentIP"
    exit
else
    echo "### ping -c1 ${1}.{1..254}"
    echo "### Ex : ip route list exact default ; ip -resolve neigh show ; sudo nmap -O ${1}. ###"
    echo "# Wait - ping -c1 ${1}"'.{1..254} :'
    scan "${1}"
    PresentIP=$(ip neighb show | grep "lladdr")
    echo "# ip neighb show :"
    echo "$PresentIP"
    exit
fi
Example: save it as ~/bin/netscan.sh, then run netscan.sh 192.168.1