≡ Menu

Finding All Hosts On the LAN From Linux / Windows Workstation

Q. How do I find out if all host computers on the LAN are alive or dead from a Linux or Windows XP computer? My network subnet range is 192.168.1.0/24 and I'm using dual boot Debian Linux / XP SP2 computer.

A.You can use normal ping command and shell script loop statement to print the list of all LAN computers from a shell prompt.

Linux / UNIX one liner to ping all hosts on the LAN

Type the following command, enter:
$ for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
Output:

192.168.1.1 UP
192.168.1.1 UP
192.168.1.2 UP
192.168.1.5 UP
......
...
..
192.168.1.254 UP

See previous article: Simple Linux and UNIX system monitoring with ping command and scripts.

A Note About Windows Workstation

If you are using Windows 2000 / XP / Vista, try something as follows at DOS / NT command prompt (Start > Run > CMD > Enter key):
c:> for /L %I in (1,1,254) DO ping -w 30 -n1 192.168.1.%I | find "Reply"
Read cmd.exe help page and batch scripting documentation for more information.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 43 comments… add one }

  • Casper March 5, 2008, 6:37 pm

    You would probably use
    "for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
    on non GNU/Linux system, as seq does not exist on Solaris and OSX.

  • Casper March 5, 2008, 6:41 pm

    Ups, this is nicer, and faster.
    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

    I’ve added a 1 sec. timeout on ping.

    • Ryan Sharp December 26, 2011, 12:31 am

      Looping in Perl just to print a sequence of numbers is really braindead.

  • richard March 5, 2008, 8:28 pm

    Do you know fping ?
    $ sudo apt-get install fping
    $ fping -a -g 192.168.1.0/24 2> /dev/null

  • nixCraft March 5, 2008, 9:27 pm

    @Casper,
    Thanks for sharing perl only code.

    @Richard,
    Sure, fping was covered some time ago..

  • Scott Carlson March 6, 2008, 2:41 am

    I generally just use this “ping -b 192.168.1.255” Which broadcasts a ping to the whole network at once.

  • Topper March 6, 2008, 8:38 am

    What about Windows machines with MS firewall which default forbid ICMP replay ?
    Maybe must use ARP cache after ping

  • Z3n0 March 6, 2008, 9:30 am

    another way…

    for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • matthias March 6, 2008, 9:40 am

    If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
    arping 192.168.1.1
    ARPING 192.168.1.1 from 192.168.1.226 eth0
    Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

    Another method is simply using nmap:
    nmap -sP 192.168.1.0/24

  • Z3n0 March 6, 2008, 10:13 am

    Something wrong with prev. comment… (< and > char)

    for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • phillip March 7, 2008, 12:42 pm

    Using nast ?

    http://netsecure.alcpress.com/nast/

    nast -m

    best.

  • sg March 7, 2008, 4:29 pm

    another option is installing arpwatch.

  • suren March 16, 2008, 4:28 am

    wont this command do ???

    nbtscan 10.0.0.1-125

    this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

  • Johny May 6, 2009, 6:52 pm

    Matthias, thumbs up for the nmap solution.

  • Remi Nodet June 4, 2009, 8:54 am

    Even faster (produces a little bit of confusing output in the beginning but it does the job fast):

    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log

    • jags January 8, 2012, 7:07 am

      this is awesome

  • nishu April 18, 2010, 9:55 pm

    can anyone tell how to see the network address and system names in up in lan in linux..

  • hotsw4p July 24, 2010, 12:22 am

    i liked the nmap solution best as well, thanks Matthias for that.

  • mr August 25, 2010, 10:32 am

    check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

  • horizons December 8, 2010, 12:07 am

    smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

    will give a list of netbios host responding on broadcast address
    (smbtree is part of the samba suite)

  • rst_ack February 9, 2011, 7:05 pm

    #arp-scan -l

    • thingymebob March 11, 2013, 1:00 pm

      +1, much quicker way to found out what’s on your network.

      • ronfish May 3, 2013, 7:46 pm

        +2…NICE!

  • berner May 24, 2011, 6:24 pm

    Very nice, all that. Thanks guys!

  • James June 20, 2011, 1:58 pm

    Here’s a batchfile i made that pings any range of adresses:

    @echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0” >nul & if errorlevel 1 @echo %1.%2.%3.%%i

    most of the code is to tidy the output up. Save as PINGER.bat

    Type:
    PINGER 192 168 0 0
    **without** the dots to find the range 192.168.0.0 to 192.168.0.255
    or any other address PINGER 145 233 2 0 etc
    cheers

  • lina July 13, 2011, 1:55 am

    How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

    • Tonio March 20, 2012, 2:17 pm

      Just don’t buy a mac :p

  • Stan Tkhorovsky November 18, 2011, 6:28 pm

    Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

    @ lina – check out casper’s comment regarding non-Linux systems

  • Rodger January 2, 2012, 8:07 am

    Using cygwin on Windows, this did not work as expected.
    It produced
    192.168.1.1 UP

    192.168.1.100 UP

    for every IP address.

    Problem is, this network is 192.168.2.1, not 192.168.1.1

    Further investigation:
    ping 192.168.2.1 produced a response from an IP from the ISP.

    Know and Test what you are doing!

  • Lukas January 24, 2012, 2:54 pm

    Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
    I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
    Could you help me, please? Thanks a lot.

    Lukas

  • go2null February 23, 2012, 11:39 am

    Hi all,

    I tested four proposed solutions on the same lan within the same hour :

    1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
    *** 26 hosts ***

    2- nmap -sP 192.168.1.0/24
    *** 18 hosts ***

    3- nast -m -i eth0
    *** 32 hosts (31 if I exclude the broadcast address) ***

    4- arp-scan -l -I eth0
    *** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

    My prefered tool is arp-scan, for several reasons :

    1- It finds the max of hosts,
    2- It is the faster (flash speed),
    3- It provides additional information about the NIC when possible.

    Thanks for this very interesting topic and the comments.

  • Asim April 17, 2012, 3:15 pm

    for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

  • masuch April 21, 2012, 2:52 pm

    Hi,

    Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
    ? (192.168.1.207) at on eth1
    ? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
    ? (192.168.1.51) at on eth1
    ? (192.168.1.204) at on eth1
    ? (192.168.1.254) at on eth1
    ? (192.168.1.151) at on eth1
    ? (192.168.1.48) at on eth1
    ? (192.168.1.98) at on eth1
    ? (192.168.1.251) at on eth1
    ? (192.168.1.45) at on eth1
    ? (192.168.1.198) at on eth1
    ? (192.168.1.95) at on eth1
    ? (192.168.1.145) at on eth1
    ? (192.168.1.86) at on eth1
    ? (192.168.1.33) at on eth1
    ? (192.168.1.186) at on eth1
    ? (192.168.1.83) at on eth1
    ? (192.168.1.236) at on eth1
    ? (192.168.1.133) at on eth1
    ? (192.168.1.30) at on eth1
    ? (192.168.1.183) at on eth1
    ? (192.168.1.130) at on eth1
    ? (192.168.1.77) at on eth1
    ? (192.168.1.127) at on eth1
    ? (192.168.1.74) at on eth1
    ? (192.168.1.227) at on eth1
    ? (192.168.1.238) at on eth1
    ? (192.168.1.135) at on eth1
    ? (192.168.1.29) at on eth1
    ? (192.168.1.26) at on eth1
    ? (192.168.1.179) at on eth1
    ? (192.168.1.229) at on eth1
    ? (192.168.1.126) at on eth1
    ? (192.168.1.23) at on eth1
    ? (192.168.1.176) at on eth1
    ? (192.168.1.20) at on eth1
    ? (192.168.1.173) at on eth1
    ? (192.168.1.220) at on eth1
    ? (192.168.1.167) at on eth1

    Thanks in advance,
    M.

  • symeg June 6, 2012, 5:51 am

    @masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

  • masuch June 6, 2012, 11:50 am

    Hi,

    Yes, it is netgear – how can I recognize according to MAC address what device is it ?
    Could you please share some documentation ?

    did you use:
    http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
    OR
    something else … ?

    Thanks,
    Regards,
    masuch

  • Matias November 11, 2012, 9:22 am

    In linux, this would be faster
    echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

  • Anders Larsson May 17, 2013, 6:48 pm

    One second

    #!/bin/bash
    for ip in 192.168.0.{1..254}; do
    ping -c 1 -W 1 $ip | grep “64 bytes” &
    done

    • LeFeRiSoN October 16, 2013, 11:43 pm

      0,5 Second whit first Post ;)

      #!/bin/bash
      for ip in $(seq 1 254)
              do ping -c 1 "192.168.0.$ip">/dev/null
                 [ $? -eq 0 ] && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN..."
              done
      
  • john doe March 27, 2014, 11:45 pm

    nmap -sn ip/subnet
    like if subnet mask is 255.255.254.0, and your ip is 192.168.1.3
    then: nmap -sn 192.168.1.0/23

    Research subnets.

  • sunil September 25, 2014, 1:22 pm

    how to check which are all systems connected in lan

  • Santosh January 26, 2015, 5:00 pm

    Really awesome. Alternative easy to use is nmap.

  • Six March 28, 2015, 7:32 pm

    I think the first example should be updated to make use of Bash’s brace expansion, for which this is a textbook use case… Following is an outline of various network browsing/scanning utilities and their associated time.

    # manual ping scan
    # real	1m48.064s
    netscan(){
        for ip in 192.168.1.{1..254}; do
            if ping -c1 -W1 "$ip" &>/dev/null; then
                echo "$ip"
            fi
        done
    }
    # manual ping scan
    # real	0m1.077s
    echo 192.168.1.{1..254} | xargs -n1 -P0 ping -c1 -W1 | grep -oP '(?/dev/null | sort -V
    # scan network for NetBIOS name information
    # real	0m4.015s
    nbtscan -q 192.168.1.0/24
    sudo nbtscan -qr 192.168.1.0/24  # use local port 137
    # show tree of samba servers in the network
    smbtree -NS 2>/dev/null
    # display network mDNS/DNS-SD services
    # (remove -l to include local services)
    avahi-browse -alt
    avahi-browse -alrt  # resolve services
    # dump ARP cache
    arp
    arp -a  # no fixed columns
    # show ARP and NDISC cache
    ip neigh
    
  • Six March 28, 2015, 7:34 pm

    One of the examples was cut off… should have been

    # manual ping scan
    # real	0m1.077s
    echo 192.168.1.{1..254} | \
    xargs -n1 -P0 ping -c1 -W1 | \
    grep -oP '(?<=bytes from ).*(?=:)' | \
    sort -V
    

Leave a Comment