Finding All Hosts On the LAN From Linux / Windows Workstation

by on March 5, 2008 · 37 comments· last updated at March 5, 2008

Q. How do I find out if all host computers on the LAN are alive or dead from a Linux or Windows XP computer? My network subnet range is 192.168.1.0/24 and I'm using dual boot Debian Linux / XP SP2 computer.

A.You can use normal ping command and shell script loop statement to print the list of all LAN computers from a shell prompt.

Linux / UNIX one liner to ping all hosts on the LAN

Type the following command, enter:
$ for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
Output:

192.168.1.1 UP
192.168.1.1 UP
192.168.1.2 UP
192.168.1.5 UP
......
...
..
192.168.1.254 UP

See previous article: Simple Linux and UNIX system monitoring with ping command and scripts.

A Note About Windows Workstation

If you are using Windows 2000 / XP / Vista, try something as follows at DOS / NT command prompt (Start > Run > CMD > Enter key):
c:> for /L %I in (1,1,254) DO ping -w 30 -n1 192.168.1.%I | find "Reply"
Read cmd.exe help page and batch scripting documentation for more information.



You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 37 comments… read them below or add one }

1 Casper March 5, 2008 at 6:37 pm

You would probably use
"for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
on non GNU/Linux system, as seq does not exist on Solaris and OSX.

Reply

2 Casper March 5, 2008 at 6:41 pm

Ups, this is nicer, and faster.
for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

I’ve added a 1 sec. timeout on ping.

Reply

3 Ryan Sharp December 26, 2011 at 12:31 am

Looping in Perl just to print a sequence of numbers is really braindead.

Reply

4 richard March 5, 2008 at 8:28 pm

Do you know fping ?
$ sudo apt-get install fping
$ fping -a -g 192.168.1.0/24 2> /dev/null

Reply

5 vivek March 5, 2008 at 9:27 pm

@Casper,
Thanks for sharing perl only code.

@Richard,
Sure, fping was covered some time ago..

Reply

6 Scott Carlson March 6, 2008 at 2:41 am

I generally just use this “ping -b 192.168.1.255″ Which broadcasts a ping to the whole network at once.

Reply

7 Topper March 6, 2008 at 8:38 am

What about Windows machines with MS firewall which default forbid ICMP replay ?
Maybe must use ARP cache after ping

Reply

8 Z3n0 March 6, 2008 at 9:30 am

another way…

for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

Reply

9 matthias March 6, 2008 at 9:40 am

If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
arping 192.168.1.1
ARPING 192.168.1.1 from 192.168.1.226 eth0
Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

Another method is simply using nmap:
nmap -sP 192.168.1.0/24

Reply

10 Z3n0 March 6, 2008 at 10:13 am

Something wrong with prev. comment… (< and > char)

for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

Reply

11 phillip March 7, 2008 at 12:42 pm

Using nast ?

http://netsecure.alcpress.com/nast/

nast -m

best.

Reply

12 sg March 7, 2008 at 4:29 pm

another option is installing arpwatch.

Reply

13 suren March 16, 2008 at 4:28 am

wont this command do ???

nbtscan 10.0.0.1-125

this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

Reply

14 Johny May 6, 2009 at 6:52 pm

Matthias, thumbs up for the nmap solution.

Reply

15 Remi Nodet June 4, 2009 at 8:54 am

Even faster (produces a little bit of confusing output in the beginning but it does the job fast):

for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log

Reply

16 jags January 8, 2012 at 7:07 am

this is awesome

Reply

17 nishu April 18, 2010 at 9:55 pm

can anyone tell how to see the network address and system names in up in lan in linux..

Reply

18 hotsw4p July 24, 2010 at 12:22 am

i liked the nmap solution best as well, thanks Matthias for that.

Reply

19 mr August 25, 2010 at 10:32 am

check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

Reply

20 horizons December 8, 2010 at 12:07 am

smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

will give a list of netbios host responding on broadcast address
(smbtree is part of the samba suite)

Reply

21 rst_ack February 9, 2011 at 7:05 pm

#arp-scan -l

Reply

22 thingymebob March 11, 2013 at 1:00 pm

+1, much quicker way to found out what’s on your network.

Reply

23 ronfish May 3, 2013 at 7:46 pm

+2…NICE!

Reply

24 berner May 24, 2011 at 6:24 pm

Very nice, all that. Thanks guys!

Reply

25 James June 20, 2011 at 1:58 pm

Here’s a batchfile i made that pings any range of adresses:

@echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0″ >nul & if errorlevel 1 @echo %1.%2.%3.%%i

most of the code is to tidy the output up. Save as PINGER.bat

Type:
PINGER 192 168 0 0
**without** the dots to find the range 192.168.0.0 to 192.168.0.255
or any other address PINGER 145 233 2 0 etc
cheers

Reply

26 lina July 13, 2011 at 1:55 am

How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

Reply

27 Tonio March 20, 2012 at 2:17 pm

Just don’t buy a mac :p

Reply

28 Stan Tkhorovsky November 18, 2011 at 6:28 pm

Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

@ lina – check out casper’s comment regarding non-Linux systems

Reply

29 Rodger January 2, 2012 at 8:07 am

Using cygwin on Windows, this did not work as expected.
It produced
192.168.1.1 UP

192.168.1.100 UP

for every IP address.

Problem is, this network is 192.168.2.1, not 192.168.1.1

Further investigation:
ping 192.168.2.1 produced a response from an IP from the ISP.

Know and Test what you are doing!

Reply

30 Lukas January 24, 2012 at 2:54 pm

Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
Could you help me, please? Thanks a lot.

Lukas

Reply

31 go2null February 23, 2012 at 11:39 am

Hi all,

I tested four proposed solutions on the same lan within the same hour :

1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
*** 26 hosts ***

2- nmap -sP 192.168.1.0/24
*** 18 hosts ***

3- nast -m -i eth0
*** 32 hosts (31 if I exclude the broadcast address) ***

4- arp-scan -l -I eth0
*** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

My prefered tool is arp-scan, for several reasons :

1- It finds the max of hosts,
2- It is the faster (flash speed),
3- It provides additional information about the NIC when possible.

Thanks for this very interesting topic and the comments.

Reply

32 Asim April 17, 2012 at 3:15 pm

for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

Reply

33 masuch April 21, 2012 at 2:52 pm

Hi,

Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
? (192.168.1.207) at on eth1
? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
? (192.168.1.51) at on eth1
? (192.168.1.204) at on eth1
? (192.168.1.254) at on eth1
? (192.168.1.151) at on eth1
? (192.168.1.48) at on eth1
? (192.168.1.98) at on eth1
? (192.168.1.251) at on eth1
? (192.168.1.45) at on eth1
? (192.168.1.198) at on eth1
? (192.168.1.95) at on eth1
? (192.168.1.145) at on eth1
? (192.168.1.86) at on eth1
? (192.168.1.33) at on eth1
? (192.168.1.186) at on eth1
? (192.168.1.83) at on eth1
? (192.168.1.236) at on eth1
? (192.168.1.133) at on eth1
? (192.168.1.30) at on eth1
? (192.168.1.183) at on eth1
? (192.168.1.130) at on eth1
? (192.168.1.77) at on eth1
? (192.168.1.127) at on eth1
? (192.168.1.74) at on eth1
? (192.168.1.227) at on eth1
? (192.168.1.238) at on eth1
? (192.168.1.135) at on eth1
? (192.168.1.29) at on eth1
? (192.168.1.26) at on eth1
? (192.168.1.179) at on eth1
? (192.168.1.229) at on eth1
? (192.168.1.126) at on eth1
? (192.168.1.23) at on eth1
? (192.168.1.176) at on eth1
? (192.168.1.20) at on eth1
? (192.168.1.173) at on eth1
? (192.168.1.220) at on eth1
? (192.168.1.167) at on eth1

Thanks in advance,
M.

Reply

34 symeg June 6, 2012 at 5:51 am

@masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

Reply

35 masuch June 6, 2012 at 11:50 am

Hi,

Yes, it is netgear – how can I recognize according to MAC address what device is it ?
Could you please share some documentation ?

did you use:
http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
OR
something else … ?

Thanks,
Regards,
masuch

Reply

36 Matias November 11, 2012 at 9:22 am

In linux, this would be faster
echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

Reply

37 Anders Larsson May 17, 2013 at 6:48 pm

One second

#!/bin/bash
for ip in 192.168.0.{1..254}; do
ping -c 1 -W 1 $ip | grep “64 bytes” &
done

Reply

Leave a Comment

You can use these HTML tags and attributes for your code and commands: <strong> <em> <ol> <li> <u> <ul> <kbd> <blockquote> <pre> <a href="" title="">

Tagged as: , , , , , , , ,

Previous Faq:

Next Faq: