Finding All Hosts On the LAN From Linux / Windows Workstation

Q. How do I find out if all host computers on the LAN are alive or dead from a Linux or Windows XP computer? My network subnet range is 192.168.1.0/24 and I’m using dual boot Debian Linux / XP SP2 computer.

A.You can use normal ping command and shell script loop statement to print the list of all LAN computers from a shell prompt.

Linux / UNIX one liner to ping all hosts on the LAN

Type the following command, enter:
$ for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
Output:

192.168.1.1 UP
192.168.1.1 UP
192.168.1.2 UP
192.168.1.5 UP
......
...
..
192.168.1.254 UP

See previous article: Simple Linux and UNIX system monitoring with ping command and scripts.

A Note About Windows Workstation

If you are using Windows 2000 / XP / Vista, try something as follows at DOS / NT command prompt (Start > Run > CMD > Enter key):
c:> for /L %I in (1,1,254) DO ping -w 30 -n1 192.168.1.%I | find "Reply"
Read cmd.exe help page and batch scripting documentation for more information.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 43 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
43 comments… add one
  • Casper Mar 5, 2008 @ 18:37

    You would probably use
    "for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
    on non GNU/Linux system, as seq does not exist on Solaris and OSX.

  • Casper Mar 5, 2008 @ 18:41

    Ups, this is nicer, and faster.
    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

    I’ve added a 1 sec. timeout on ping.

    • Ryan Sharp Dec 26, 2011 @ 0:31

      Looping in Perl just to print a sequence of numbers is really braindead.

  • richard Mar 5, 2008 @ 20:28

    Do you know fping ?
    $ sudo apt-get install fping
    $ fping -a -g 192.168.1.0/24 2> /dev/null

  • 🐧 nixCraft Mar 5, 2008 @ 21:27

    @Casper,
    Thanks for sharing perl only code.

    @Richard,
    Sure, fping was covered some time ago..

  • Scott Carlson Mar 6, 2008 @ 2:41

    I generally just use this “ping -b 192.168.1.255” Which broadcasts a ping to the whole network at once.

  • Topper Mar 6, 2008 @ 8:38

    What about Windows machines with MS firewall which default forbid ICMP replay ?
    Maybe must use ARP cache after ping

  • Z3n0 Mar 6, 2008 @ 9:30

    another way…

    for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • matthias Mar 6, 2008 @ 9:40

    If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
    arping 192.168.1.1
    ARPING 192.168.1.1 from 192.168.1.226 eth0
    Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

    Another method is simply using nmap:
    nmap -sP 192.168.1.0/24

  • Z3n0 Mar 6, 2008 @ 10:13

    Something wrong with prev. comment… (< and > char)

    for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • phillip Mar 7, 2008 @ 12:42

    Using nast ?

    http://netsecure.alcpress.com/nast/

    nast -m

    best.

  • sg Mar 7, 2008 @ 16:29

    another option is installing arpwatch.

  • suren Mar 16, 2008 @ 4:28

    wont this command do ???

    nbtscan 10.0.0.1-125

    this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

  • Johny May 6, 2009 @ 18:52

    Matthias, thumbs up for the nmap solution.

  • Remi Nodet Jun 4, 2009 @ 8:54

    Even faster (produces a little bit of confusing output in the beginning but it does the job fast):

    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log

    • jags Jan 8, 2012 @ 7:07

      this is awesome

  • nishu Apr 18, 2010 @ 21:55

    can anyone tell how to see the network address and system names in up in lan in linux..

  • hotsw4p Jul 24, 2010 @ 0:22

    i liked the nmap solution best as well, thanks Matthias for that.

  • mr Aug 25, 2010 @ 10:32

    check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

  • horizons Dec 8, 2010 @ 0:07

    smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

    will give a list of netbios host responding on broadcast address
    (smbtree is part of the samba suite)

  • rst_ack Feb 9, 2011 @ 19:05

    #arp-scan -l

    • thingymebob Mar 11, 2013 @ 13:00

      +1, much quicker way to found out what’s on your network.

      • ronfish May 3, 2013 @ 19:46

        +2…NICE!

  • berner May 24, 2011 @ 18:24

    Very nice, all that. Thanks guys!

  • James Jun 20, 2011 @ 13:58

    Here’s a batchfile i made that pings any range of adresses:

    @echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0” >nul & if errorlevel 1 @echo %1.%2.%3.%%i

    most of the code is to tidy the output up. Save as PINGER.bat

    Type:
    PINGER 192 168 0 0
    **without** the dots to find the range 192.168.0.0 to 192.168.0.255
    or any other address PINGER 145 233 2 0 etc
    cheers

  • lina Jul 13, 2011 @ 1:55

    How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

    • Tonio Mar 20, 2012 @ 14:17

      Just don’t buy a mac :p

  • Stan Tkhorovsky Nov 18, 2011 @ 18:28

    Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

    @ lina – check out casper’s comment regarding non-Linux systems

  • Rodger Jan 2, 2012 @ 8:07

    Using cygwin on Windows, this did not work as expected.
    It produced
    192.168.1.1 UP

    192.168.1.100 UP

    for every IP address.

    Problem is, this network is 192.168.2.1, not 192.168.1.1

    Further investigation:
    ping 192.168.2.1 produced a response from an IP from the ISP.

    Know and Test what you are doing!

  • Lukas Jan 24, 2012 @ 14:54

    Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
    I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
    Could you help me, please? Thanks a lot.

    Lukas

  • go2null Feb 23, 2012 @ 11:39

    Hi all,

    I tested four proposed solutions on the same lan within the same hour :

    1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
    *** 26 hosts ***

    2- nmap -sP 192.168.1.0/24
    *** 18 hosts ***

    3- nast -m -i eth0
    *** 32 hosts (31 if I exclude the broadcast address) ***

    4- arp-scan -l -I eth0
    *** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

    My prefered tool is arp-scan, for several reasons :

    1- It finds the max of hosts,
    2- It is the faster (flash speed),
    3- It provides additional information about the NIC when possible.

    Thanks for this very interesting topic and the comments.

  • Asim Apr 17, 2012 @ 15:15

    for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

  • masuch Apr 21, 2012 @ 14:52

    Hi,

    Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
    ? (192.168.1.207) at on eth1
    ? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
    ? (192.168.1.51) at on eth1
    ? (192.168.1.204) at on eth1
    ? (192.168.1.254) at on eth1
    ? (192.168.1.151) at on eth1
    ? (192.168.1.48) at on eth1
    ? (192.168.1.98) at on eth1
    ? (192.168.1.251) at on eth1
    ? (192.168.1.45) at on eth1
    ? (192.168.1.198) at on eth1
    ? (192.168.1.95) at on eth1
    ? (192.168.1.145) at on eth1
    ? (192.168.1.86) at on eth1
    ? (192.168.1.33) at on eth1
    ? (192.168.1.186) at on eth1
    ? (192.168.1.83) at on eth1
    ? (192.168.1.236) at on eth1
    ? (192.168.1.133) at on eth1
    ? (192.168.1.30) at on eth1
    ? (192.168.1.183) at on eth1
    ? (192.168.1.130) at on eth1
    ? (192.168.1.77) at on eth1
    ? (192.168.1.127) at on eth1
    ? (192.168.1.74) at on eth1
    ? (192.168.1.227) at on eth1
    ? (192.168.1.238) at on eth1
    ? (192.168.1.135) at on eth1
    ? (192.168.1.29) at on eth1
    ? (192.168.1.26) at on eth1
    ? (192.168.1.179) at on eth1
    ? (192.168.1.229) at on eth1
    ? (192.168.1.126) at on eth1
    ? (192.168.1.23) at on eth1
    ? (192.168.1.176) at on eth1
    ? (192.168.1.20) at on eth1
    ? (192.168.1.173) at on eth1
    ? (192.168.1.220) at on eth1
    ? (192.168.1.167) at on eth1

    Thanks in advance,
    M.

  • symeg Jun 6, 2012 @ 5:51

    @masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

  • masuch Jun 6, 2012 @ 11:50

    Hi,

    Yes, it is netgear – how can I recognize according to MAC address what device is it ?
    Could you please share some documentation ?

    did you use:
    http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
    OR
    something else … ?

    Thanks,
    Regards,
    masuch

  • Matias Nov 11, 2012 @ 9:22

    In linux, this would be faster
    echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

  • Anders Larsson May 17, 2013 @ 18:48

    One second

    #!/bin/bash
    for ip in 192.168.0.{1..254}; do
    ping -c 1 -W 1 $ip | grep “64 bytes” &
    done

    • LeFeRiSoN Oct 16, 2013 @ 23:43

      0,5 Second whit first Post ;)

      #!/bin/bash
      
      for ip in $(seq 1 254)
              do ping -c 1 "192.168.0.$ip">/dev/null
                 [ $? -eq 0 ] && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN..."
              done
      
  • john doe Mar 27, 2014 @ 23:45

    nmap -sn ip/subnet
    like if subnet mask is 255.255.254.0, and your ip is 192.168.1.3
    then: nmap -sn 192.168.1.0/23

    Research subnets.

  • sunil Sep 25, 2014 @ 13:22

    how to check which are all systems connected in lan

  • Santosh Jan 26, 2015 @ 17:00

    Really awesome. Alternative easy to use is nmap.

  • Six Mar 28, 2015 @ 19:32

    I think the first example should be updated to make use of Bash’s brace expansion, for which this is a textbook use case… Following is an outline of various network browsing/scanning utilities and their associated time.

    56703147060cd392896e47_000000

  • Six Mar 28, 2015 @ 19:34

    One of the examples was cut off… should have been

    # manual ping scan
    # real	0m1.077s
    echo 192.168.1.{1..254} | \
    xargs -n1 -P0 ping -c1 -W1 | \
    grep -oP '(?<=bytes from ).*(?=:)' | \
    sort -V
    

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum