43 comment

1. You would probably use
   "for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
   on non GNU/Linux system, as seq does not exist on Solaris and OSX.

2. Ups, this is nicer, and faster.
   for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

   I’ve added a 1 sec. timeout on ping.

   1. Looping in Perl just to print a sequence of numbers is really braindead.

3. Do you know fping ?
   $ sudo apt-get install fping
   $ fping -a -g 192.168.1.0/24 2> /dev/null

4. @Casper,
   Thanks for sharing perl only code.

   @Richard,
   Sure, fping was covered some time ago..

5. I generally just use this “ping -b 192.168.1.255” Which broadcasts a ping to the whole network at once.

6. What about Windows machines with MS firewall which default forbid ICMP replay ?
   Maybe must use ARP cache after ping

7. another way…

   for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

8. If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
   arping 192.168.1.1
ARPING 192.168.1.1 from 192.168.1.226 eth0
Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

   Another method is simply using nmap:
   nmap -sP 192.168.1.0/24

9. Something wrong with prev. comment… (< and > char)
   
for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done


10. Using nast ?

    http://netsecure.alcpress.com/nast/

    nast -m

    best.

11. another option is installing arpwatch.

12. wont this command do ???

    nbtscan 10.0.0.1-125

    this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

13. Matthias, thumbs up for the nmap solution.

14. Even faster (produces a little bit of confusing output in the beginning but it does the job fast):
    
for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log


    1. this is awesome

15. can anyone tell how to see the network address and system names in up in lan in linux..

16. i liked the nmap solution best as well, thanks Matthias for that.

17. check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

18. smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

    will give a list of netbios host responding on broadcast address
    (smbtree is part of the samba suite)

19. #arp-scan -l

    1. +1, much quicker way to found out what’s on your network.

       1. +2…NICE!

20. Very nice, all that. Thanks guys!

21. Here’s a batchfile i made that pings any range of adresses:

    @echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0” >nul & if errorlevel 1 @echo %1.%2.%3.%%i

    most of the code is to tidy the output up. Save as PINGER.bat

    Type:
    PINGER 192 168 0 0
    **without** the dots to find the range 192.168.0.0 to 192.168.0.255
    or any other address PINGER 145 233 2 0 etc
    cheers

22. How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

    1. Just don’t buy a mac :p

23. Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

    @ lina – check out casper’s comment regarding non-Linux systems

24. Using cygwin on Windows, this did not work as expected.
    It produced
    192.168.1.1 UP
    …
    192.168.1.100 UP
    …
    for every IP address.

    Problem is, this network is 192.168.2.1, not 192.168.1.1

    Further investigation:
    ping 192.168.2.1 produced a response from an IP from the ISP.

    Know and Test what you are doing!

25. Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
    I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
    Could you help me, please? Thanks a lot.

    Lukas

26. Hi all,

    I tested four proposed solutions on the same lan within the same hour :

    1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
    *** 26 hosts ***

    2- nmap -sP 192.168.1.0/24
    *** 18 hosts ***

    3- nast -m -i eth0
    *** 32 hosts (31 if I exclude the broadcast address) ***

    4- arp-scan -l -I eth0
    *** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

    My prefered tool is arp-scan, for several reasons :

    1- It finds the max of hosts,
    2- It is the faster (flash speed),
    3- It provides additional information about the NIC when possible.

    Thanks for this very interesting topic and the comments.

27. for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

28. Hi,

    Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
    ? (192.168.1.207) at on eth1
    ? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
    ? (192.168.1.51) at on eth1
    ? (192.168.1.204) at on eth1
    ? (192.168.1.254) at on eth1
    ? (192.168.1.151) at on eth1
    ? (192.168.1.48) at on eth1
    ? (192.168.1.98) at on eth1
    ? (192.168.1.251) at on eth1
    ? (192.168.1.45) at on eth1
    ? (192.168.1.198) at on eth1
    ? (192.168.1.95) at on eth1
    ? (192.168.1.145) at on eth1
    ? (192.168.1.86) at on eth1
    ? (192.168.1.33) at on eth1
    ? (192.168.1.186) at on eth1
    ? (192.168.1.83) at on eth1
    ? (192.168.1.236) at on eth1
    ? (192.168.1.133) at on eth1
    ? (192.168.1.30) at on eth1
    ? (192.168.1.183) at on eth1
    ? (192.168.1.130) at on eth1
    ? (192.168.1.77) at on eth1
    ? (192.168.1.127) at on eth1
    ? (192.168.1.74) at on eth1
    ? (192.168.1.227) at on eth1
    ? (192.168.1.238) at on eth1
    ? (192.168.1.135) at on eth1
    ? (192.168.1.29) at on eth1
    ? (192.168.1.26) at on eth1
    ? (192.168.1.179) at on eth1
    ? (192.168.1.229) at on eth1
    ? (192.168.1.126) at on eth1
    ? (192.168.1.23) at on eth1
    ? (192.168.1.176) at on eth1
    ? (192.168.1.20) at on eth1
    ? (192.168.1.173) at on eth1
    ? (192.168.1.220) at on eth1
    ? (192.168.1.167) at on eth1

    Thanks in advance,
    M.

29. @masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

30. Hi,

    Yes, it is netgear – how can I recognize according to MAC address what device is it ?
    Could you please share some documentation ?

    did you use:
    http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
    OR
    something else … ?

    Thanks,
    Regards,
    masuch

31. In linux, this would be faster
    echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

32. One second

    #!/bin/bash
    for ip in 192.168.0.{1..254}; do
    ping -c 1 -W 1 $ip | grep “64 bytes” &
    done

    1. 0,5 Second whit first Post ;)

       #!/bin/bash
       
       for ip in $(seq 1 254)
               do ping -c 1 "192.168.0.$ip">/dev/null
                  [ $? -eq 0 ] && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN..."
               done
       

33. nmap -sn ip/subnet
    like if subnet mask is 255.255.254.0, and your ip is 192.168.1.3
    then: nmap -sn 192.168.1.0/23

    Research subnets.

34. how to check which are all systems connected in lan

35. Really awesome. Alternative easy to use is nmap.

36. I think the first example should be updated to make use of Bash’s brace expansion, for which this is a textbook use case… Following is an outline of various network browsing/scanning utilities and their associated time.

    # manual ping scan # real 1m48.064s netscan(){ for ip in 192.168.1.{1..254}; do if ping -c1 -W1 "$ip" &>/dev/null; then echo "$ip" fi done }   # manual ping scan # real 0m1.077s echo 192.168.1.{1..254} | xargs -n1 -P0 ping -c1 -W1 | grep -oP '(?/dev/null | sort -V   # scan network for NetBIOS name information # real 0m4.015s nbtscan -q 192.168.1.0/24 sudo nbtscan -qr 192.168.1.0/24 # use local port 137   # show tree of samba servers in the network smbtree -NS 2>/dev/null   # display network mDNS/DNS-SD services # (remove -l to include local services) avahi-browse -alt avahi-browse -alrt # resolve services   # dump ARP cache arp arp -a # no fixed columns   # show ARP and NDISC cache ip neigh

    # manual ping scan # real 1m48.064s netscan(){ for ip in 192.168.1.{1..254}; do if ping -c1 -W1 "$ip" &amp;&gt;/dev/null; then echo "$ip" fi done } # manual ping scan # real 0m1.077s echo 192.168.1.{1..254} | xargs -n1 -P0 ping -c1 -W1 | grep -oP '(?/dev/null | sort -V # scan network for NetBIOS name information # real 0m4.015s nbtscan -q 192.168.1.0/24 sudo nbtscan -qr 192.168.1.0/24 # use local port 137 # show tree of samba servers in the network smbtree -NS 2&gt;/dev/null # display network mDNS/DNS-SD services # (remove -l to include local services) avahi-browse -alt avahi-browse -alrt # resolve services # dump ARP cache arp arp -a # no fixed columns # show ARP and NDISC cache ip neigh

37. One of the examples was cut off… should have been

    # manual ping scan
    # real	0m1.077s
    echo 192.168.1.{1..254} | \
    xargs -n1 -P0 ping -c1 -W1 | \
    grep -oP '(?<=bytes from ).*(?=:)' | \
    sort -V
    

    Have a question? Post it on our forum!