Is there a way to scan for free IPs on the network? I use
nmap -sP 192.168.1.0/24
but this actually shows hosts that are up.Check a range of IP addresses to see if a host is active. Don't write a bash script for this. There are prebuilt tools available already. Leverage them instead. Upvoting @Caleb for nmap. If systems are filtering ICMP and not responding, you'd never know if there was a system at the address you're trying to ping. The command will ping iP range 192.168.1.100 to 192.168.1.220 and send 2 echo request. Results of the ping is save on drive d at a file named pingx.txt. Results of the ping is save on drive d at a file named pingx.txt.
HTFHTF
4 Answers
![How How](/uploads/1/2/4/8/124856076/450805994.png)
Using Nmap like this is a fairly accurate way of doing what you asked, provided that some preconditions are true:
![Ping Ping](http://www.gfi.com/blog/wp-content/uploads/2013/07/Icigna2_Overview.png)
- You must run the scan as root (or Administrator on Windows) in order to send ARP requests, not TCP connections. Otherwise the scan may report an address as 'down' when it is simply firewalled.
- You can only do this from a system on the same data link (layer 2) as the address range you are scanning. Otherwise, Nmap will need to use network-layer probes which can be blocked by a firewall.
In order to get the 'available' addresses, you need to get the list of addresses that Nmap reports as 'down.' You can do this with a simple awk command:
Summary of Nmap options used:
- When you use the
-v
option, Nmap will print the addresses it finds as 'down' in addition to the ones that are 'up'. - Instead of
-sP
, I've substituted the newer spelling-sn
, which still accomplishes the same scan, but means 'skip the port scan' instead of the misleading 'Ping scan' (since the host discovery phase does not necessarily mean an ICMP Echo scan or Ping). - The
-n
option skips reverse DNS lookups, which buys you a bit of time, since you aren't interested in names but just IP addresses. - The
-oG
option tells Nmap to output grepable format, which is easier for awk to process. The argument '-
' tells it to send this output to stdout.
The awk command then searches for 'Status: Down' and prints the second field, containing the IP address.
Of course, if you have access to the switch's running configs or the DHCP server's leases, you could get this answer much more authoritatively without doing a scan that could set off security alarms.
bonsaivikingbonsaiviking
Not sure about n-map, but one could reasonably assume that if you write a ping script that sends 1 ping to each address that any hosts that come back with 'destination unreachable' is unoccupied, and anything that comes back 'request time out' is occupied but not responding to ping. The difference between the two responses is that 'destination unreachable' did not receive a response to its ARP request. 'Request time out' means something did respond to the ARP request, but not the ICMP packet.
MartinCMartinC
Here is another one inspired by Anders Larsson
for ip in 172.18.5.{129..254}; do { ping -c 1 -W 1 $ip ; } &> /dev/null || echo $ip & done | sort
Which it means: 'Try to ping all the Ips in the range. If the 'ping' fails print that IP'
If you do
Works fast, but I noticed some hosts reported as 'Down' are actually 'Up'
Radu GabrielRadu Gabriel
gsarnoldgsarnold
Not the answer you're looking for? Browse other questions tagged nmap or ask your own question.
I am trying to ping all the systems available in the local area network using terminal command.
Can any one tell me how to do this?
KVKKVK
4 Answers
You can install an application called
nmap
.Then you can check your entire network for all connected IP addresses by typing in the following:
The above command will scan all IP addresses starting at
192.168.1.1
through 192.168.1.254
and show you all IPs that responded. You can scan other IP address ranges like
192.168.0.1 - 192.168.1.254
by typing in the following:A typical scan might return something like the following:
I hope this helps!
TerranceTerrance
fping is another command to ping all ip in LAN.
-a
Show systems that are alive.-r
n Retry limit (default 3). This is the number of times an attempt at pinging a target will be made, not including the first try.-g
addr/mask Generate a target list from a supplied IP netmask, or a starting and ending IP. Specify the netmask or start/end in the targets portion of the command line. If a network with netmask is given, the network and broadcast addresses will be excluded.To scan range of IP addresses from 192.168.0.1 to 192.168.0.9 just run:
That will output:
Here is the ubuntu manual to use fping with different options.
d a i s yd a i s y
There are 2 ways:
- Use
nmap
to scan entire local subnets in only one command. Forexample:nmap -sP 192.168.0.1/24
- Use
arp-scan
, it sends ARP packets to hosts on the local networkand displays any responses that are received. By default, it's notinstalled. So install it by the commandsudo apt-get install arp-scan
.
Once it's accomplished. Launch this command to scan entire local network on the specified interface (For example, your network interface is named
eth0
):or give a specific subnet:
Tung TranTung Tran
The simplest way to ping all the hosts on a LAN is with IPv6:
The
-n
flag means no reverse DNS will be performed. Without that it would be slowed down by trying to perform reverse DNS on link-local addresses, which is not going to work anyway.The
-c2
flag means it will send only two pings before terminating.The address
ff02::1
is an anycast address targeting all hosts on the link.Finally
%eth0
is the notation appended to link-local IPv6 addresses in order to indicate which interface to be using. Usually this will be eth0
or wlan0
.You can do the same with IPv4, but it involves an additional step to look up the broadcast address for the segment.
Here I first used
ifconfig
to see what the IP address of eth0
is and then I ping it. Additionally I need the -b
flag to tell ping
that I really do want to ping a broadcast address.kasperdkasperd