How to find all the used IP addresses on a network

Generally, nmap is quite useful to quickly scan networks.

To install nmap, enter the following command in the terminal:

sudo apt-get install nmap

Once the application is installed, enter the following command: 

nmap -sn 192.168.1.0/24

This will show you which hosts responded to ping requests on the network between 192.168.1.0 and 192.168.1.255.

For older versions of Nmap, use -sP:

nmap -sP 192.168.1.0/24

For additional references, see the following pages:

NMAP Installation Guide

NMAP Reference Guide

It is a very useful tool to learn.


If all the computers in your network are Ubuntu or any other distribution that makes use of avahi-daemon (DNS-SD), you can get a detailed list of them (with hostname and IP address) by doing:

avahi-browse -rt _workstation._tcp

If you want to know all the IP addresses used in your network, you can use arp-scan:

sudo arp-scan 192.168.1.0/24

As it is not installed by default, you'll have to install it with sudo apt-get install arp-scan. arp-scan send ARP packets to the local network and displays the responses received, so it shows even firewalled hosts (that block traffic based on IP packets).


Note to the reader: Original answer has been posted a while ago and at the time of when I was only learning shell scripting. See the revisited version below for a new and improved script that performs much faster.

Original Answer

nmap would be my #1 choice, but what if you don't have it ? The DIY way would be with a ping script that goes through each possible ip address on the network manually. What we have here is just while loop, where we set last number in the address, make silent single ping to the address, check if the command succeed or not (and if it did succeed,then host is obviously up ), and printf statement. Quick and dirty way, took me about 10 mins to write it, but runtime might be a bit slow,though.

#!/bin/sh
# set -x
NUM=1

while [ $NUM -lt 256  ];do 
    ping -q -c 1 192.168.0.$NUM > /dev/null 
    RESULT=$(echo $?)
    if [ $RESULT -eq 0 ]; then 
        printf 192.168.0.$NUM"\n"
    fi
    NUM=$(expr $NUM + 1)
done

Revisited Answer

I originally posted this answer in August of 2015. Since then I've learned a bit more about shell scripting, and I once I saw this script, I thought it would be a good idea to revisit this answer to add a few improvements. Here's a few ideas:

  • The script is obviously slow and ping waits for response from the host. By default, ping for two RTT, which can vary depending on how congested is your network , and as far as I understand TCP protocol doubles the wait time each time(at least according to this). So we could force ping to time out with -w 1 flag. Since we have 256 addresses and we assume 1 second for each address, the script will take about 256/60 = 4.27 minutes.

  • Doing a command and then capturing its exit status with $? wasn't really necessary. The if ... then;...fi can operate on commands directly. In other words, it's sufficient to do this:

    if ping -w 1 -q -c 1 192.168.0.$NUM > /dev/null ;
then
     <some other code here>
fi

  • The printf command can be rewritten as so:

    printf "IP %s is up\n" 192.168.0."$NUM"

    This is more of a stylistic change, but it's consistent with how printf works and looks like in a lot of other languages, with quoting "$NUM" variable. Quoting here isn't necessary - since we're dealing with numbers only, we don't need to anticipate word-splitting due to having spaces in a variable.

  • Much better performance improvement can be achieved if we spawn several background processes. The script edit below does exactly that. I put the ping and printf into a function, pingf (yes, corny name, I know). Now, there's also one single main function which does the looping and calling of pingf.

#!/bin/sh
# Uncomment for debugging
#set -x
pingf(){
    if ping -w 2 -q -c 1 192.168.0."$1" > /dev/null ;
    then 
        printf "IP %s is up\n" 192.168.0."$1"
    fi
}

main(){

    NUM=1
    while [ $NUM -lt 255  ];do 
        pingf "$NUM" &
        NUM=$(expr "$NUM" + 1)
    done
    wait
}

main

How much better does that work ? Not bad, actually, takes a matter of seconds. 

$ time ./ping_script.sh                                                                      
IP 192.168.0.1 is up
IP 192.168.0.101 is up
IP 192.168.0.27 is up
IP 192.168.0.29 is up
    0m02.50s real     0m00.01s user     0m00.12s system

Things to Keep in Mind

  • Windows ( starting since Windows 7 , I think ) have started blocking response to ICMP echo requests. There's quite a few questions about that on Ask Ubuntu and other sites of the sort "Hey, my Linux computer can be pinged, but not Windows ones, what's up with that ?" Just be aware of the fact that for newer Windows versions you do need to enable response to ICMP echo.

Tags:

Networking

Recent Posts