Discover your neighboring machines

January 10th, 2008 mysurface Posted in Network, nmap, ping | Hits: 49530 | 3 Comments »

Is there any tool that lets me discover the neighboring machines hooked up to the same LAN switch as mine?

The simplest way is to use ping: I can send a broadcast packet to everyone in the subnet so that they all respond. Let's say I am in the subnet 192.168.0.x and the broadcast IP is 192.168.0.255; I can do this:

ping -b 192.168.0.255

How do I know the broadcast IP is 192.168.0.255? I can check with ifconfig.

ifconfig eth0 | grep Bcast

Some routers are configured to filter broadcast and multicast packets to prevent broadcast storms; if so, broadcast is useless.

So what are the alternatives?

I can ping the IPs one by one with a line of bash script.

for ((i=1;i<255;i++)); do ping -c 1 -w1 192.168.0.$i | grep "bytes from\|ping"; done;

The result will look like this:

--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---

Let me explain the ping options I use: -c (count) indicates how many ping attempts to make for a single IP, and -w (the -w1 in the command above) specifies the timeout in seconds; ping waits until the timeout expires before declaring the attempt failed.

From the sample results, I discovered 192.168.0.5 and 192.168.0.6.

Due to a limitation of ping, I can't specify a timeout of less than 1 second, so scanning a class C LAN may take up to 255 seconds, which is extremely slow.
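The one-second-per-host limit only bites because the loop above pings sequentially. The script below is an added example, not code from the original post: it runs one ping per host in the background so the whole /24 completes in roughly one timeout, filters the replies down to the addresses that answered (the "bytes from" lines shown above), and also computes the broadcast address that ifconfig reports as Bcast. It assumes Linux iputils ping (-c, -W) and a three-octet prefix such as 192.168.0; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): parallel ping sweep of a /24.
# Assumes Linux iputils ping with -c and -W; function names are hypothetical.

# Directed broadcast address for an IPv4 address and a dotted netmask; this is
# the value ifconfig prints after "Bcast:".
broadcast_addr() {
    old_ifs=$IFS
    IFS=.
    set -- $1 $2            # $1..$4 address octets, $5..$8 mask octets
    IFS=$old_ifs
    printf '%d.%d.%d.%d\n' \
        $(( $1 | (255 - $5) )) $(( $2 | (255 - $6) )) \
        $(( $3 | (255 - $7) )) $(( $4 | (255 - $8) ))
}

# Reduce ping output on stdin to the addresses that replied, one per line.
# Matches lines such as "64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 ...".
live_hosts() {
    sed -n 's/^[0-9][0-9]* bytes from \([0-9.][0-9.]*\):.*/\1/p' | sort -u
}

# Send one echo request to prefix.1 .. prefix.254 in the background, waiting
# at most one second per reply, and return once every ping has finished.
# The pings' combined output goes to stdout, so pipe it into live_hosts.
ping_sweep() {
    prefix=$1
    i=1
    while [ "$i" -le 254 ]; do
        ping -c 1 -W 1 "$prefix.$i" 2>/dev/null &
        i=$((i + 1))
    done
    wait
}

# Usage (file saved as e.g. sweep.sh): sh sweep.sh 192.168.0
# Prints the addresses in 192.168.0.0/24 that answered.
if [ "$#" -gt 0 ]; then
    ping_sweep "$1" | live_hosts
fi
```

Because every ping runs concurrently, the sweep finishes in about one second plus process start-up overhead instead of one second per address; the trade-off is a burst of 254 processes, which is fine on a workstation but worth throttling on a small embedded box.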

Another alternative is the powerful security tool nmap. nmap lets me scan any machine I can reach for open ports, but it also supports simple host discovery. With -sP, nmap performs a ping scan:

$ sudo nmap -sP 192.168.0.1-255

Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-10 16:09 MYT
Host 192.168.0.5 appears to be up.
Host 192.168.0.6 appears to be up.
Nmap finished: 255 IP addresses (2 hosts up) scanned in 3.502 seconds

Awesome! nmap took only 3.502 seconds to scan a class C LAN.

3 Responses to “Discover your neighboring machines”

  1. salvatore benedetto Says:

    You forgot to add square brackets to from|ping. It should be “bytes [from|ping]” otherwise you’ll get no output. Nice reading anyway.

  2. Thanks Benedetto, I forgot to replace my backslash with HTML codes, so it became hidden.

  3. Pretty component of content. I just stumbled upon your web site and in accession capital to assert that I acquire
    actually enjoyed account your blog posts. Anyway I’ll be subscribing on your feeds or
    even I achievement you get entry to persistently quickly.
