Are there any tools that let me discover the neighboring machines connected to the same LAN switch as mine?
The simplest approach is ping: I can send a broadcast packet to every host in the subnet so that they all reply. Say I am in the 192.168.0.x subnet and the broadcast address is 192.168.0.255; then I can run:
ping -b 192.168.0.255
How do I know the broadcast address is 192.168.0.255? I can check with ifconfig.
ifconfig eth0 | grep Bcast
Some routers are configured to filter broadcast and multicast packets to prevent broadcast storms; if so, the broadcast ping is useless.
So what are the alternatives?
I can ping the IPs one by one with a one-line bash script.
for ((i=1;i<255;i++)); do ping -c 1 -W 1 192.168.0.$i | grep "bytes from\|ping"; done;
The result will look like this:
--- 192.168.0.1 ping statistics ---
--- 192.168.0.2 ping statistics ---
--- 192.168.0.3 ping statistics ---
--- 192.168.0.4 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
--- 192.168.0.7 ping statistics ---
--- 192.168.0.8 ping statistics ---
--- 192.168.0.9 ping statistics ---
--- 192.168.0.10 ping statistics ---
--- 192.168.0.11 ping statistics ---
Let me explain the ping options I use: -c (count) is how many echo requests to send to a single IP, and -W is the timeout in seconds; ping waits until the timeout expires before declaring the attempt failed.
From the sample results, I discovered 192.168.0.5 and 192.168.0.6.
Because of a limitation of ping, I can't specify a timeout shorter than 1 second, so scanning a class C LAN can take up to 255 seconds, which is extremely slow.
Another alternative is the powerful security tool nmap. nmap lets me scan any reachable machine for open ports, but it also supports simple host discovery. With -sP, nmap performs a ping scan:
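The 255-second figure comes from running the pings one after another, each waiting out its own timeout. The sweep below, added here as an example and not code from the original post, runs one ping per address in the background and waits for all of them, so the whole /24 takes roughly one timeout period; a second function pulls the replying addresses out of the output in the format shown above. It assumes an iputils ping with the -c and -W options used on the page and a POSIX shell; the sample output inside the block is constructed for this example. Note that a per-host sweep is also needed because many hosts ignore broadcast echo requests by default, independently of what the router filters.

```shell
#!/bin/sh
# Added example (not code from the original post): sweep a /24 with ping in
# parallel and extract the addresses that replied. Assumes iputils ping with
# the -c and -W options shown on the page and a POSIX shell; the sample
# output below is constructed for this example.

# Print one IP per line for every "N bytes from X:" reply line on stdin,
# numerically sorted with duplicates removed (a host that answers twice
# should still be listed once).
alive_from_ping_output() {
    sed -n 's/^[0-9][0-9]* bytes from \([0-9.][0-9.]*\):.*/\1/p' |
        sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n -u
}

# Launch one ping per address in the background and wait for all of them,
# so the whole sweep takes about one timeout period instead of one per host.
sweep_subnet() {
    prefix=$1           # first three octets, e.g. 192.168.0
    i=1
    while [ "$i" -lt 255 ]; do
        ping -c 1 -W 1 "$prefix.$i" 2>/dev/null &
        i=$((i + 1))
    done
    wait                # blocks until every background ping has exited
}

# Constructed sample of what the sweep prints, in the format shown on the page;
# background pings finish in arbitrary order, so the lines are interleaved.
sample_sweep_output() {
    cat <<'EOF'
--- 192.168.0.1 ping statistics ---
64 bytes from 192.168.0.6: icmp_seq=1 ttl=248 time=12.3 ms
--- 192.168.0.6 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.0 ms
--- 192.168.0.5 ping statistics ---
64 bytes from 192.168.0.5: icmp_seq=1 ttl=249 time=11.1 ms
--- 192.168.0.7 ping statistics ---
EOF
}

# Usage on a live network:   sweep_subnet 192.168.0 | alive_from_ping_output
# Offline demonstration:     sample_sweep_output | alive_from_ping_output
```

The parser sorts numerically by octet rather than lexically, so 192.168.0.10 lands after 192.168.0.9 and not between .1 and .2, and the -u flag collapses a host that answered more than once. Hosts that drop ICMP echo requests will still be missed, which is the same blind spot the sequential loop has.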
$ sudo nmap -sP 192.168.0.1-255
Starting Nmap 4.20 ( http://insecure.org ) at 2008-01-10 16:09 MYT
Host 192.168.0.5 appears to be up.
Host 192.168.0.6 appears to be up.
Nmap finished: 255 IP addresses (2 hosts up) scanned in 3.502 seconds
Awesome! nmap took only 3.502 seconds to scan a whole class C LAN.
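A fast host-discovery run is most useful when its result is compared against what is supposed to be on the segment. The script below, added here as an example and not from the original post, turns an nmap ping scan into that check: it reads nmap's grepable (-oG -) output and prints every address that is up but absent from a known-hosts file, which is the list a defender would review for unexpected devices. It assumes a current nmap, where -sn is the documented name for the -sP ping scan used above (-sP is still accepted); the known-hosts file name and the sample scan output are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post): turn an nmap host-discovery run
# into an inventory check, flagging addresses that are up but not on a list
# of known hosts. Assumes a current nmap (-sn is today's name for the -sP
# ping scan; -oG - writes grepable output to stdout). The known-hosts file
# and the sample scan output below are constructed for this example.

# Print the addresses nmap reports as up, from grepable (-oG) output on stdin.
# Grepable lines look like:  Host: 192.168.0.5 ()	Status: Up
hosts_up_from_grepable() {
    awk '/^Host: / && /Status: Up/ { print $2 }'
}

# Print addresses that are up but missing from the known-hosts file
# (one IP per line, exact match). grep exits 1 when nothing is unknown,
# so "|| true" keeps a clean inventory from looking like a failure.
unknown_hosts() {
    known=$1
    hosts_up_from_grepable | grep -v -x -F -f "$known" || true
}

# Constructed sample of grepable output for a scan with three hosts up.
sample_grepable_output() {
    printf '# Nmap scan initiated (constructed sample) as: nmap -sn -oG - 192.168.0.0/24\n'
    printf 'Host: 192.168.0.5 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.6 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.9 ()\tStatus: Up\n'
    printf '# Nmap done (constructed sample) -- 256 IP addresses (3 hosts up) scanned\n'
}

# Usage on a live network (known_hosts.txt holds one expected IP per line):
#   sudo nmap -sn -oG - 192.168.0.0/24 | unknown_hosts known_hosts.txt
# Offline demonstration with 192.168.0.5 and .6 listed as known:
#   sample_grepable_output | unknown_hosts known_hosts.txt
```

Grepable output is stable across nmap versions, whereas the human-readable "appears to be up" wording changed later, so parsing -oG is the safer choice for anything scripted. Running this on a schedule and alerting on non-empty output is a simple way to notice a new device appearing on the switch.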