Finding All Hosts On the LAN From Linux / Windows Workstation

by on March 5, 2008 · 40 comments· LAST UPDATED March 5, 2008

in , ,

Q. How do I find out if all host computers on the LAN are alive or dead from a Linux or Windows XP computer? My network subnet range is 192.168.1.0/24 and I'm using dual boot Debian Linux / XP SP2 computer.

A.You can use normal ping command and shell script loop statement to print the list of all LAN computers from a shell prompt.

Linux / UNIX one liner to ping all hosts on the LAN

Type the following command, enter:
$ for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
Output:

192.168.1.1 UP
192.168.1.1 UP
192.168.1.2 UP
192.168.1.5 UP
......
...
..
192.168.1.254 UP

See previous article: Simple Linux and UNIX system monitoring with ping command and scripts.

A Note About Windows Workstation

If you are using Windows 2000 / XP / Vista, try something as follows at DOS / NT command prompt (Start > Run > CMD > Enter key):
c:> for /L %I in (1,1,254) DO ping -w 30 -n1 192.168.1.%I | find "Reply"
Read cmd.exe help page and batch scripting documentation for more information.

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 40 comments… read them below or add one }

1 Casper March 5, 2008 at 6:37 pm

You would probably use
"for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
on non GNU/Linux system, as seq does not exist on Solaris and OSX.

Reply

2 Casper March 5, 2008 at 6:41 pm

Ups, this is nicer, and faster.
for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

I’ve added a 1 sec. timeout on ping.

Reply

3 Ryan Sharp December 26, 2011 at 12:31 am

Looping in Perl just to print a sequence of numbers is really braindead.

Reply

4 richard March 5, 2008 at 8:28 pm

Do you know fping ?
$ sudo apt-get install fping
$ fping -a -g 192.168.1.0/24 2> /dev/null

Reply

5 nixCraft March 5, 2008 at 9:27 pm

@Casper,
Thanks for sharing perl only code.

@Richard,
Sure, fping was covered some time ago..

Reply

6 Scott Carlson March 6, 2008 at 2:41 am

I generally just use this “ping -b 192.168.1.255″ Which broadcasts a ping to the whole network at once.

Reply

7 Topper March 6, 2008 at 8:38 am

What about Windows machines with MS firewall which default forbid ICMP replay ?
Maybe must use ARP cache after ping

Reply

8 Z3n0 March 6, 2008 at 9:30 am

another way…

for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

Reply

9 matthias March 6, 2008 at 9:40 am

If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
arping 192.168.1.1
ARPING 192.168.1.1 from 192.168.1.226 eth0
Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

Another method is simply using nmap:
nmap -sP 192.168.1.0/24

Reply

10 Z3n0 March 6, 2008 at 10:13 am

Something wrong with prev. comment… (< and > char)

for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

Reply

11 phillip March 7, 2008 at 12:42 pm
12 sg March 7, 2008 at 4:29 pm

another option is installing arpwatch.

Reply

13 suren March 16, 2008 at 4:28 am

wont this command do ???

nbtscan 10.0.0.1-125

this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

Reply

14 Johny May 6, 2009 at 6:52 pm

Matthias, thumbs up for the nmap solution.

Reply

15 Remi Nodet June 4, 2009 at 8:54 am

Even faster (produces a little bit of confusing output in the beginning but it does the job fast):

for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log

Reply

16 jags January 8, 2012 at 7:07 am

this is awesome

Reply

17 nishu April 18, 2010 at 9:55 pm

can anyone tell how to see the network address and system names in up in lan in linux..

Reply

18 hotsw4p July 24, 2010 at 12:22 am

i liked the nmap solution best as well, thanks Matthias for that.

Reply

19 mr August 25, 2010 at 10:32 am

check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

Reply

20 horizons December 8, 2010 at 12:07 am

smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

will give a list of netbios host responding on broadcast address
(smbtree is part of the samba suite)

Reply

21 rst_ack February 9, 2011 at 7:05 pm

#arp-scan -l

Reply

22 thingymebob March 11, 2013 at 1:00 pm

+1, much quicker way to found out what’s on your network.

Reply

23 ronfish May 3, 2013 at 7:46 pm

+2…NICE!

Reply

24 berner May 24, 2011 at 6:24 pm

Very nice, all that. Thanks guys!

Reply

25 James June 20, 2011 at 1:58 pm

Here’s a batchfile i made that pings any range of adresses:

@echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0″ >nul & if errorlevel 1 @echo %1.%2.%3.%%i

most of the code is to tidy the output up. Save as PINGER.bat

Type:
PINGER 192 168 0 0
**without** the dots to find the range 192.168.0.0 to 192.168.0.255
or any other address PINGER 145 233 2 0 etc
cheers

Reply

26 lina July 13, 2011 at 1:55 am

How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

Reply

27 Tonio March 20, 2012 at 2:17 pm

Just don’t buy a mac :p

Reply

28 Stan Tkhorovsky November 18, 2011 at 6:28 pm

Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

@ lina – check out casper’s comment regarding non-Linux systems

Reply

29 Rodger January 2, 2012 at 8:07 am

Using cygwin on Windows, this did not work as expected.
It produced
192.168.1.1 UP

192.168.1.100 UP

for every IP address.

Problem is, this network is 192.168.2.1, not 192.168.1.1

Further investigation:
ping 192.168.2.1 produced a response from an IP from the ISP.

Know and Test what you are doing!

Reply

30 Lukas January 24, 2012 at 2:54 pm

Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
Could you help me, please? Thanks a lot.

Lukas

Reply

31 go2null February 23, 2012 at 11:39 am

Hi all,

I tested four proposed solutions on the same lan within the same hour :

1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
*** 26 hosts ***

2- nmap -sP 192.168.1.0/24
*** 18 hosts ***

3- nast -m -i eth0
*** 32 hosts (31 if I exclude the broadcast address) ***

4- arp-scan -l -I eth0
*** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

My prefered tool is arp-scan, for several reasons :

1- It finds the max of hosts,
2- It is the faster (flash speed),
3- It provides additional information about the NIC when possible.

Thanks for this very interesting topic and the comments.

Reply

32 Asim April 17, 2012 at 3:15 pm

for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

Reply

33 masuch April 21, 2012 at 2:52 pm

Hi,

Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
? (192.168.1.207) at on eth1
? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
? (192.168.1.51) at on eth1
? (192.168.1.204) at on eth1
? (192.168.1.254) at on eth1
? (192.168.1.151) at on eth1
? (192.168.1.48) at on eth1
? (192.168.1.98) at on eth1
? (192.168.1.251) at on eth1
? (192.168.1.45) at on eth1
? (192.168.1.198) at on eth1
? (192.168.1.95) at on eth1
? (192.168.1.145) at on eth1
? (192.168.1.86) at on eth1
? (192.168.1.33) at on eth1
? (192.168.1.186) at on eth1
? (192.168.1.83) at on eth1
? (192.168.1.236) at on eth1
? (192.168.1.133) at on eth1
? (192.168.1.30) at on eth1
? (192.168.1.183) at on eth1
? (192.168.1.130) at on eth1
? (192.168.1.77) at on eth1
? (192.168.1.127) at on eth1
? (192.168.1.74) at on eth1
? (192.168.1.227) at on eth1
? (192.168.1.238) at on eth1
? (192.168.1.135) at on eth1
? (192.168.1.29) at on eth1
? (192.168.1.26) at on eth1
? (192.168.1.179) at on eth1
? (192.168.1.229) at on eth1
? (192.168.1.126) at on eth1
? (192.168.1.23) at on eth1
? (192.168.1.176) at on eth1
? (192.168.1.20) at on eth1
? (192.168.1.173) at on eth1
? (192.168.1.220) at on eth1
? (192.168.1.167) at on eth1

Thanks in advance,
M.

Reply

34 symeg June 6, 2012 at 5:51 am

@masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

Reply

35 masuch June 6, 2012 at 11:50 am

Hi,

Yes, it is netgear – how can I recognize according to MAC address what device is it ?
Could you please share some documentation ?

did you use:
http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
OR
something else … ?

Thanks,
Regards,
masuch

Reply

36 Matias November 11, 2012 at 9:22 am

In linux, this would be faster
echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

Reply

37 Anders Larsson May 17, 2013 at 6:48 pm

One second

#!/bin/bash
for ip in 192.168.0.{1..254}; do
ping -c 1 -W 1 $ip | grep “64 bytes” &
done

Reply

38 LeFeRiSoN October 16, 2013 at 11:43 pm

0,5 Second whit first Post ;)

#!/bin/bash
for ip in $(seq 1 254)
        do ping -c 1 "192.168.0.$ip">/dev/null
           [ $? -eq 0 ] && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN..."
        done

Reply

39 john doe March 27, 2014 at 11:45 pm

nmap -sn ip/subnet
like if subnet mask is 255.255.254.0, and your ip is 192.168.1.3
then: nmap -sn 192.168.1.0/23

Research subnets.

Reply

40 sunil September 25, 2014 at 1:22 pm

how to check which are all systems connected in lan

Reply

Leave a Comment

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: