Display list of computers on a LAN in Linux
I’m a web dev who is trying to get a better handle on security. I’m trying to figure out a way (on Linux/Debian based distros) to list all computers on the same LAN my netbook is on. I tried «arp -n» but I don’t feel it’s a complete list, as my iPhone is on the same wi-fi router as my netbook, and that didn’t come up. Is there some better way to get a full list of machines that are all sharing the same gateway?
11 Answers 11
Get nmap. It’s the program Trinity used in The Matrix and you can do a scan to find all of the devices that are connected to the LAN you’re on and more.
OK. Looks like «sudo nmap -sL 123.123.123.*» is what I’m looking for, or maybe -sP instead of -sL. Thanks!
This is what I use, nmap, and an address using CIDR block notation of the network you want to scan. First you need to install nmap as it may not come pre-installed with you distro. On Ubuntu:
Next figure out your network address by using ifconfig:
ifconfig output for the interface I want to scan:
wlan1 Link encap:Ethernet HWaddr 00:1f:3b:03:d2:bf inet addr:192.168.1.104 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21f:3bff:fe03:d2bf/64 Scope:Link . Use the inet addr and Mask to figure out the network address in CIDR notation, more on CIDR here. The address is:
Run nmap using -sP parameter, which will scan no further than checking if the host is online:
nmap output will look something like this:
Starting Nmap 5.21 ( http://nmap.org ) at 2014-12-09 10:52 EST Nmap scan report for 192.168.1.1 Host is up (0.013s latency). MAC Address: -MAC ADDRESS- (Cameo Communications) . Nmap done: 256 IP addresses (5 hosts up) scanned in 3.26 seconds That’s it, if you need more help with nmap, see the nmap official documentation, or run:
nmap -sA 192.168.1.0/24 nmap option -sA shows similar descriptive results with better readability , which includes device name, IP, mac, etc as with option -sP .. I personally prefer -sA over -sP for the readability sake.
@Jayzcode On my machine -sA is never returning, while -sP took only 3.73 seconds (detected the router, my PC and another PC). Any idea why?
@Rodrigo the -sA option also scans 1000 ports on the hosts, which may take time. It doubled the execution time for me. If you just want to know the list of connected devices, keep the -sP option.
arp -n only shows you machines on your LAN that your machine has already talked to. You can get that list to populate better by pinging the broadcast and all-hosts multicasts addresses:
The «all ones» (in binary) broadcast address. Note that most IP stacks will translate this to the subnet broadcast addresses for all subnets you’re attached to:
The subnet broadcast address for your current subnet. So assuming you’re on 192.168.1.0/24:
The «all hosts» multicast address. I like this one a lot because it’s more likely to find hosts configured for other IP subnets, that happen to be attached to the same Ethernet LAN as you:
Note that this method, and the other methods I’ve seen mentioned in other Answers so far, only look for IP-reachable hosts on the current network. That’s probably all you need to care about, but it’s possible for an attacker to snoop on, or do bad things to, a network without being visible via IP.
ip neigh and hosts . NO nmap required / NO sudo requied.
Building on this, you can build a Python script:
#!/usr/bin/env python """List all hosts with their IP adress of the current network.""" import os out = os.popen('ip neigh').read().splitlines() for i, line in enumerate(out, start=1): ip = line.split(' ')[0] h = os.popen('host <>'.format(ip)).read() hostname = h.split(' ')[-1] print("3>: <> (<>)".format(i, hostname.strip(), ip)) wget https://gist.githubusercontent.com/MartinThoma/699ae445b8a08b5afd16f7d6f5e5d0f8/raw/577fc32b57a7f9e66fdc9be60e7e498bbec7951a/neighbors.py (or simply arp . I didn’t see that before)
nmap scan
To scan the status of a range of IP addresses, this is nice and simple:
-sn: Ping Scan - disable port scan I did this on Mac OS X (which is based on BSD). I am not sure if the Linux version has any differences.
Brilliant, all I had to to was type: sudo nmap -sP 192.168.178.0-255. This did a scan in the subnet I am in.
You could use fping sudo apt-get install fping (in debian-like OSs).
fping is similar to ping, but much better performing when pinging multiple hosts. The -r 1 flag tells fping to perform only one round. The 2>1 part allows grep to filter the output.
$ fping -g -r 1 192.168.1.0/24 2>1 | grep "alive" Would display something like:
192.168.1.1 is alive 192.168.1.10 is alive 192.168.1.15 is alive 192.168.1.27 is alive There is also an interesting flag for nmap that would let you see the MAC vendor — if known. Use with sudo in order to see the MAC addresses.
You would get for instance:
Starting Nmap 7.40 ( https://nmap.org ) at 2019-05-23 18:49 CEST Nmap scan report for 192.168.1.14 Host is up (-0.036s latency). MAC Address: 20:F4:1B:E5:8F:7B (Shenzhen Bilian electronic) Nmap scan report for 192.168.1.15 Host is up (-0.084s latency). MAC Address: A4:31:35:E8:58:9E (Apple) Nmap scan report for 192.168.1.27 Host is up (-0.15s latency). MAC Address: 34:8A:7B:38:E3:14 (Samsung Electronics) Nmap scan report for 192.168.1.29 Host is up (0.010s latency). MAC Address: 80:2B:F9:75:F8:FF (Unknown) Nmap scan report for 192.168.1.10 Host is up. Nmap done: 256 IP addresses (5 hosts up) scanned in 25.52 seconds I didn’t find the existing answers satisfying enough, so I thought I’d give a try. After all, the FAQ suggests to provide context for links.
nmap is great, if a little confusing to use. Here’s something I run to discover local network devices that’s mostly copy-paste-able. nmap -sP (or nmap -sn ) scans by pinging. There are other options for ‘host discovery’, like with nmap -sL or nmap -Pn .
Way #1.
ehtesh@x200arch:~$ # my wireless interface is listed as wlp3s0. Yours could be wlan0 or eth1. ehtesh@x200arch:~$ ip addr show wlp3s0 | grep "inet " inet 172.18.72.53/22 brd 172.18.75.255 scope global wlp3s0 ehtesh@x200arch:~$ arp -a ? (172.18.72.1) at c8:4c:75:76:bd:74 [ether] on wlp3s0 ehtesh@x200arch:~$ nmap -sP 172.18.72.0/24 Starting Nmap 6.41SVN ( http://nmap.org ) at 2013-12-17 20:08 EST Nmap scan report for 172.18.72.2 Host is up (0.017s latency). Nmap scan report for 172.18.72.253 Host is up (0.13s latency). Nmap done: 256 IP addresses (17 hosts up) scanned in 5.74 seconds ehtesh@x200arch:~$ arp -a | sort -n -k 1,1 ? (172.18.72.126) at ec:35:86:4a:37:d2 [ether] on wlp3s0 ? (172.18.72.148) at 10:9a:dd:b8:79:71 [ether] on wlp3s0 ? (172.18.72.178) at 9c:20:7b:7b:08:ba [ether] on wlp3s0 ? (172.18.72.1) at c8:4c:75:76:bd:74 [ether] on wlp3s0 ? (172.18.72.253) at b8:78:2e:19:05:0b [ether] on wlp3s0 ? (172.18.72.2) at 00:14:1c:da:e1:c2 [ether] on wlp3s0 ? (172.18.72.40) at d8:c7:c8:ca:f9:88 [ether] on wlp3s0 ? (172.18.72.43) at d8:c7:c8:ce:0f:60 [ether] on wlp3s0 ? (172.18.72.44) at d8:c7:c8:ce:0f:68 [ether] on wlp3s0 ? (172.18.72.45) at 6c:f3:7f:c6:71:16 [ether] on wlp3s0 ? (172.18.72.46) at 6c:f3:7f:c4:4c:b3 [ether] on wlp3s0 ? (172.18.72.47) at d8:c7:c8:ca:f9:88 [ether] on wlp3s0 ? (172.18.72.48) at 24:de:c6:c6:b6:78 [ether] on wlp3s0 ? (172.18.72.49) at 24:de:c6:c6:b6:e6 [ether] on wlp3s0 ? (172.18.72.51) at 00:9c:02:d0:4c:4e [ether] on wlp3s0 ? (172.18.72.54) at 00:23:76:99:99:bf [ether] on wlp3s0 ? (172.18.72.62) at 8c:70:5a:0d:06:18 [ether] on wlp3s0 ? (172.18.72.63) at 7c:e9:d3:51:86:55 [ether] on wlp3s0 ? (172.18.72.64) at a0:88:b4:47:eb:c8 [ether] on wlp3s0 Way #2. I know this works, but I can’t say if this is the right way to go.
ehtesh@x200arch:~$ #ifconfig | grep broadcast ehtesh@x200arch:~$ ip address show wlp3s0 | grep brd link/ether 00:1e:65:bf:1b:42 brd ff:ff:ff:ff:ff:ff inet 172.18.72.53/22 brd 172.18.75.255 scope global wlp3s0 ehtesh@x200arch:~$ ping -b -c 3 -i 20 172.18.75.255
I’d be happy to know if there are more effective ways. Until then, I’m sticking to this.
Просмотр компьютеров в локальной сети из терминала Linux
Полный чайник в Linux. Как посмотреть из терминала все компьютеры, которые подключены к локальной сети ? Поясню подробней. Интернет-кабель у меня подключен к роутеру. От роутера идет несколько кабелей к компьютерам с Ubuntu. А теперь сам вопрос. Как мне с одного из этих компьютеров увидеть остальные компьютеры внутри сети роутера ?
А с какой целью интересуетесь ? Т.е. что вы понимаете под «компьютером подключенным к локальной сети». Вам их ip/mac адресов достаточно или вы ждете чего то большего
5 ответов 5
Не совсем понятно что имеется в виду, но предложу варианты (маску подставить по необходимости):
- nmap -sn 192.168.0.0/24 (при блокировке ICMP файрволом можно попробовать другие варианты, например, UDP: nmap -sn -PU 192.168.0.0/24 )
- echo 192.168.0.|xargs -n1 -P0 ping -c1|grep «bytes from» (это те, кто на пинг отвечает)
Для начала убедитесь, что установлена samba. Если такой пакет присутствует и задана рабочая группа, выполните в консоли
samba должна стоять на компьютере, с которого идет поиск. На разыскиваемых можно посмотреть, отктрыт ли порт 139 tcp.
Сканируйте сеть, проверяйте открыт ли порт. Я привел в ответе вариант для обычной одноранговой сети. Должно работать как в windows (компьютеры сети)
Есть очень удобная утилитка fping http://fping.org/ Прямо-таки для этого создана. Можно nmap , но это будет гораздо медленнее.
Как и nmblookup он требует, чтобы на компьютерах была установлена соответствующая служба, для linux это avahi-daemon . (С нашими тупыми провайдерами рекомендую всегда отключать проверку на использование домена .local: в /etc/default/avahi-daemon поставить AVAHI_DAEMON_DETECT_LOCAL=0 )
Чтобы компьютер с linux отвечал на это, нужно сделать на нём:
# sysctl net.ipv4.icmp_echo_ignore_broadcasts=0 Некоторые маршрутизаторы это так же поддерживают.
Ну и более низкоуровневый и как мне кажется более надёжный для односегментной сети:
$ echo 192.168.2. | xargs -n1 -P0 arping -c 4 -f -I eth0 | grep "reply from"