Finding All Hosts On the LAN From Linux / Windows Workstation

Q. How do I find out if all host computers on the LAN are alive or dead from a Linux or Windows XP computer? My network subnet range is 192.168.1.0/24 and I’m using dual boot Debian Linux / XP SP2 computer.

A.You can use normal ping command and shell script loop statement to print the list of all LAN computers from a shell prompt.

ADVERTISEMENTS

Linux / UNIX one liner to ping all hosts on the LAN

Type the following command, enter:
$ for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done
Output:

192.168.1.1 UP
192.168.1.1 UP
192.168.1.2 UP
192.168.1.5 UP
......
...
..
192.168.1.254 UP

See previous article: Simple Linux and UNIX system monitoring with ping command and scripts.

A Note About Windows Workstation

If you are using Windows 2000 / XP / Vista, try something as follows at DOS / NT command prompt (Start > Run > CMD > Enter key):
c:> for /L %I in (1,1,254) DO ping -w 30 -n1 192.168.1.%I | find "Reply"
Read cmd.exe help page and batch scripting documentation for more information.

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
43 comments… add one
  • Casper Mar 5, 2008 @ 18:37

    You would probably use
    "for ip in $(perl -e '$,="\n"; print 0 .. 8;') ; do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done"
    on non GNU/Linux system, as seq does not exist on Solaris and OSX.

  • Casper Mar 5, 2008 @ 18:41

    Ups, this is nicer, and faster.
    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

    I’ve added a 1 sec. timeout on ping.

    • Ryan Sharp Dec 26, 2011 @ 0:31

      Looping in Perl just to print a sequence of numbers is really braindead.

  • richard Mar 5, 2008 @ 20:28

    Do you know fping ?
    $ sudo apt-get install fping
    $ fping -a -g 192.168.1.0/24 2> /dev/null

  • 🐧 nixCraft Mar 5, 2008 @ 21:27

    @Casper,
    Thanks for sharing perl only code.

    @Richard,
    Sure, fping was covered some time ago..

  • Scott Carlson Mar 6, 2008 @ 2:41

    I generally just use this “ping -b 192.168.1.255” Which broadcasts a ping to the whole network at once.

  • Topper Mar 6, 2008 @ 8:38

    What about Windows machines with MS firewall which default forbid ICMP replay ?
    Maybe must use ARP cache after ping

  • Z3n0 Mar 6, 2008 @ 9:30

    another way…

    for ((ip=1;ip/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • matthias Mar 6, 2008 @ 9:40

    If a host on your local network won’t answer on a ping request you could try arping, which does an arp request.
    arping 192.168.1.1
    ARPING 192.168.1.1 from 192.168.1.226 eth0
    Unicast reply from 192.168.1.1 [00:01:02:xx:xx:xx] 0.668ms

    Another method is simply using nmap:
    nmap -sP 192.168.1.0/24

  • Z3n0 Mar 6, 2008 @ 10:13

    Something wrong with prev. comment… (< and > char)

    for (( ip=1 ; ip<=254 ; ip++ )); do ping -c 1 -t 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.1.$ip UP" || : ; done

  • phillip Mar 7, 2008 @ 12:42

    Using nast ?

    http://netsecure.alcpress.com/nast/

    nast -m

    best.

  • sg Mar 7, 2008 @ 16:29

    another option is installing arpwatch.

  • suren Mar 16, 2008 @ 4:28

    wont this command do ???

    nbtscan 10.0.0.1-125

    this checks all the computers whose ip address are in the range of 10.0.0.1 to 10.0.0.125 and displays only those which are ON and connected to the network !

  • Johny May 6, 2009 @ 18:52

    Matthias, thumbs up for the nmap solution.

  • Remi Nodet Jun 4, 2009 @ 8:54

    Even faster (produces a little bit of confusing output in the beginning but it does the job fast):

    for ip in $(perl -e '$,="\n"; print 1 .. 254;') ; do ping -t 1 -c 1 192.168.146.$ip > /dev/null && echo "192.168.146.$ip UP" >> hosts.log || : & sleep 0.02; done; sleep 1;cat hosts.log;rm hosts.log

    • jags Jan 8, 2012 @ 7:07

      this is awesome

  • nishu Apr 18, 2010 @ 21:55

    can anyone tell how to see the network address and system names in up in lan in linux..

  • hotsw4p Jul 24, 2010 @ 0:22

    i liked the nmap solution best as well, thanks Matthias for that.

  • mr Aug 25, 2010 @ 10:32

    check out the space after the n parameter: for /L %I in (1,1,254) DO ping -w 30 -n 1 192.168.1.%I | find “Reply”

  • horizons Dec 8, 2010 @ 0:07

    smbtree -SN |grep \\\\ |cut -f2 |cut -d”\\” -f3

    will give a list of netbios host responding on broadcast address
    (smbtree is part of the samba suite)

  • rst_ack Feb 9, 2011 @ 19:05

    #arp-scan -l

    • thingymebob Mar 11, 2013 @ 13:00

      +1, much quicker way to found out what’s on your network.

      • ronfish May 3, 2013 @ 19:46

        +2…NICE!

  • berner May 24, 2011 @ 18:24

    Very nice, all that. Thanks guys!

  • James Jun 20, 2011 @ 13:58

    Here’s a batchfile i made that pings any range of adresses:

    @echo off & For /L %%i in (%4,1,255) do @ping -n 1 %1.%2.%3.%%i | find “Received = 0” >nul & if errorlevel 1 @echo %1.%2.%3.%%i

    most of the code is to tidy the output up. Save as PINGER.bat

    Type:
    PINGER 192 168 0 0
    **without** the dots to find the range 192.168.0.0 to 192.168.0.255
    or any other address PINGER 145 233 2 0 etc
    cheers

  • lina Jul 13, 2011 @ 1:55

    How would you do this on a Mac? I tried it and got the error -bash: seq: command not found

    • Tonio Mar 20, 2012 @ 14:17

      Just don’t buy a mac :p

  • Stan Tkhorovsky Nov 18, 2011 @ 18:28

    Thanks for ‘nast -m’ tip (3 years later ;) ) – liked it best.

    @ lina – check out casper’s comment regarding non-Linux systems

  • Rodger Jan 2, 2012 @ 8:07

    Using cygwin on Windows, this did not work as expected.
    It produced
    192.168.1.1 UP

    192.168.1.100 UP

    for every IP address.

    Problem is, this network is 192.168.2.1, not 192.168.1.1

    Further investigation:
    ping 192.168.2.1 produced a response from an IP from the ISP.

    Know and Test what you are doing!

  • Lukas Jan 24, 2012 @ 14:54

    Hi, i cant find all hosts by nmap -sP 10.6.0.0/24
    I know that router Mikrotik has got IP address 10.6.0.1, hi can i found with nmap ALL hosts at subnet? Which mode of nmap I have to use for this?
    Could you help me, please? Thanks a lot.

    Lukas

  • go2null Feb 23, 2012 @ 11:39

    Hi all,

    I tested four proposed solutions on the same lan within the same hour :

    1- for ip in $(seq 1 254); do ping -c 1 192.168.1.$ip>/dev/null; [ $? -eq 0 ] && echo “192.168.1.$ip UP” || : ; done
    *** 26 hosts ***

    2- nmap -sP 192.168.1.0/24
    *** 18 hosts ***

    3- nast -m -i eth0
    *** 32 hosts (31 if I exclude the broadcast address) ***

    4- arp-scan -l -I eth0
    *** 35 hosts (32 if I exclude the lan address, the broadcast address and a duplicate host address of a vmware VM which is not discovered by the other tools) ***

    My prefered tool is arp-scan, for several reasons :

    1- It finds the max of hosts,
    2- It is the faster (flash speed),
    3- It provides additional information about the NIC when possible.

    Thanks for this very interesting topic and the comments.

  • Asim Apr 17, 2012 @ 15:15

    for /L %x in (1,1,254) do @ping 192.168.122.%x -w 100 -n 1 | find “Reply”

  • masuch Apr 21, 2012 @ 14:52

    Hi,

    Could please abybody get me some clue how to identify what is on the following ip addresses got by sudo arp -a command:
    ? (192.168.1.207) at on eth1
    ? (192.168.1.1) at 00:22:3f:ad:c4:be [ether] on eth1
    ? (192.168.1.51) at on eth1
    ? (192.168.1.204) at on eth1
    ? (192.168.1.254) at on eth1
    ? (192.168.1.151) at on eth1
    ? (192.168.1.48) at on eth1
    ? (192.168.1.98) at on eth1
    ? (192.168.1.251) at on eth1
    ? (192.168.1.45) at on eth1
    ? (192.168.1.198) at on eth1
    ? (192.168.1.95) at on eth1
    ? (192.168.1.145) at on eth1
    ? (192.168.1.86) at on eth1
    ? (192.168.1.33) at on eth1
    ? (192.168.1.186) at on eth1
    ? (192.168.1.83) at on eth1
    ? (192.168.1.236) at on eth1
    ? (192.168.1.133) at on eth1
    ? (192.168.1.30) at on eth1
    ? (192.168.1.183) at on eth1
    ? (192.168.1.130) at on eth1
    ? (192.168.1.77) at on eth1
    ? (192.168.1.127) at on eth1
    ? (192.168.1.74) at on eth1
    ? (192.168.1.227) at on eth1
    ? (192.168.1.238) at on eth1
    ? (192.168.1.135) at on eth1
    ? (192.168.1.29) at on eth1
    ? (192.168.1.26) at on eth1
    ? (192.168.1.179) at on eth1
    ? (192.168.1.229) at on eth1
    ? (192.168.1.126) at on eth1
    ? (192.168.1.23) at on eth1
    ? (192.168.1.176) at on eth1
    ? (192.168.1.20) at on eth1
    ? (192.168.1.173) at on eth1
    ? (192.168.1.220) at on eth1
    ? (192.168.1.167) at on eth1

    Thanks in advance,
    M.

  • symeg Jun 6, 2012 @ 5:51

    @masuch: looks like you have a netgear router attached at 192.168.1.1 (based on the mac address). and no other machines attached.

  • masuch Jun 6, 2012 @ 11:50

    Hi,

    Yes, it is netgear – how can I recognize according to MAC address what device is it ?
    Could you please share some documentation ?

    did you use:
    http://tools.springheadmedia.com/mac.php?m1=00&m2=&m3=&m4=&m5=&m6=&find=Find
    OR
    something else … ?

    Thanks,
    Regards,
    masuch

  • Matias Nov 11, 2012 @ 9:22

    In linux, this would be faster
    echo 192.168.1.{1..254}|xargs -n1 -P0 ping -c1|grep “bytes from”

  • Anders Larsson May 17, 2013 @ 18:48

    One second

    #!/bin/bash
    for ip in 192.168.0.{1..254}; do
    ping -c 1 -W 1 $ip | grep “64 bytes” &
    done

    • LeFeRiSoN Oct 16, 2013 @ 23:43

      0,5 Second whit first Post ;)

      #!/bin/bash
      
      for ip in $(seq 1 254)
              do ping -c 1 "192.168.0.$ip">/dev/null
                 [ $? -eq 0 ] && echo "192.168.1.$ip UP" || echo "192.168.1.$ip DOWN..."
              done
      
  • john doe Mar 27, 2014 @ 23:45

    nmap -sn ip/subnet
    like if subnet mask is 255.255.254.0, and your ip is 192.168.1.3
    then: nmap -sn 192.168.1.0/23

    Research subnets.

  • sunil Sep 25, 2014 @ 13:22

    how to check which are all systems connected in lan

  • Santosh Jan 26, 2015 @ 17:00

    Really awesome. Alternative easy to use is nmap.

  • Six Mar 28, 2015 @ 19:32

    I think the first example should be updated to make use of Bash’s brace expansion, for which this is a textbook use case… Following is an outline of various network browsing/scanning utilities and their associated time.

    15570199195f9c01d1a4f37_000000

  • Six Mar 28, 2015 @ 19:34

    One of the examples was cut off… should have been

    # manual ping scan
    # real	0m1.077s
    echo 192.168.1.{1..254} | \
    xargs -n1 -P0 ping -c1 -W1 | \
    grep -oP '(?<=bytes from ).*(?=:)' | \
    sort -V
    

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.