[opensuse] How to find list of hosts on local subnet?
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org
On 12/2/2010 3:37 PM, David C. Rankin wrote:
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
I use my Nexus One. Used to use my iPhone. Lots of apps for that.
When no tools at hand: ping -c 2 -b <broadcast IP> (something like 192.168.1.255 - You need -b option) -c 2 sends just two pings. No need to get crazy.
then immediately do
/sbin/arp -n
And you will have a list of hosts by IP.
-- _____________________________________ ---This space for rent---
On 12/02/2010 06:15 PM, John Andersen wrote:
On 12/2/2010 3:37 PM, David C. Rankin wrote:
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
I use my Nexus One. Used to use my iPhone. Lots of apps for that.
When no tools at hand: ping -c 2 -b <broadcast IP> (something like 192.168.1.255 - You need -b option) -c 2 sends just two pings. No need to get crazy.
then immediately do
/sbin/arp -n
And you will have a list of hosts by IP.
Damn, I should have waited for your answer :p I did it the hard way with arpd, but it worked :p
#!/bin/bash
oifs=$IFS
IFS=$'\n'    # split the arpd listing on newlines only
declare -a arptable
arptable=( $(sudo arpd -b /var/lib/arpwatch/arpd.db -l) )
printf "\n%-25s %-20s %s\n" "Hostname" "IP" "Mac"
numrec=${#arptable[@]}
for ((i=0;i<numrec;i++)); do
    tmp=${arptable[$i]}
    mac=${tmp##* }
    ip=${tmp:1} # trim first char
    ip="${ip#"${ip%%[![:space:]]*}"}" # remove leading whitespace characters
    ip=${ip%% *} # remove mac and trailing whitespace characters
    hn=$(nslookup "$ip")
    hn=${hn##*= }
    hn=${hn%%.*}
    [[ $hn =~ Server: ]] && hn="gateway (Linksys)"
    # record 0 is skipped; only later records are printed
    [[ $i -gt 0 ]] && printf "%-25s %-20s %s\n" "$hn" "$ip" "$mac"
done
IFS=$oifs    # restore the saved field separator
-- David C. Rankin, J.D.,P.E.
On 12/02/2010 06:43 PM, David C. Rankin wrote:
On 12/02/2010 06:15 PM, John Andersen wrote:
I use my Nexus One. Used to use my iPhone. Lots of apps for that.
When no tools at hand: ping -c 2 -b <broadcast IP> (something like 192.168.1.255 - You need -b option) -c 2 sends just two pings. No need to get crazy.
then immediately do
/sbin/arp -n
<snip>
I've noticed that using arpd seems to give you the best results for hosts that might not be up at the moment. Just start arpd with:
# arpd -b /var/lib/arpwatch/arpd.db ath0
Here are the differences in the results. With arp I get only 4 hosts and the router (.13)
18:45 alchemy:~/scr/utl/tst> ping -c2 -b 192.168.6.102 <snip>
18:45 alchemy:~/scr/utl/tst> sudo arp -n
Address        HWtype  HWaddress          Flags Mask  Iface
192.168.6.121  ether   00:0F:1F:D6:03:A0  C           ath0
192.168.6.13   ether   00:23:69:5C:FD:B4  C           ath0
192.168.6.17   ether   00:E0:81:55:4E:1D  C           ath0
192.168.6.147  ether   00:11:43:22:5A:25  C           ath0
192.168.6.14   ether   00:21:85:1A:8C:FA  C           ath0
Using the script above, I get the whole list:
18:46 alchemy:~/scr/utl/tst> sh arpt.sh
Hostname           IP             Mac
archangel          192.168.6.14   00:21:85:1a:8c:fa
zachrys-iPhone     192.168.6.112  d4:9a:20:92:0b:f5
gateway (Linksys)  192.168.7.13   00:06:25:5e:dd:29
supersff           192.168.6.121  00:0f:1f:d6:03:a0
gw                 192.168.6.13   00:23:69:5c:fd:b4
mail               192.168.6.17   00:e0:81:55:4e:1d
dcrgx2             192.168.6.147  00:11:43:22:5a:25
dcrgx              192.168.6.111  00:11:43:22:4f:23
zion               192.168.6.19   00:0c:76:13:16:e6
Wii                192.168.6.115  00:1b:ea:d6:91:80
ripper             192.168.6.149  00:0c:76:13:90:c2
-- David C. Rankin, J.D.,P.E.
On 12/2/2010 4:51 PM, David C. Rankin wrote:
On 12/02/2010 06:43 PM, David C. Rankin wrote:
On 12/02/2010 06:15 PM, John Andersen wrote:
I use my Nexus One. Used to use my iPhone. Lots of apps for that.
When no tools at hand: ping -c 2 -b <broadcast IP> (something like 192.168.1.255 - You need -b option) -c 2 sends just two pings. No need to get crazy.
then immediately do
/sbin/arp -n
<snip>
I've noticed that using arpd seems to give you the best results for hosts that might not be up at the moment. Just start arpd with:
# arpd -b /var/lib/arpwatch/arpd.db ath0
Here are the differences in the results. With arp I get only 4 hosts and the router (.13)
18:45 alchemy:~/scr/utl/tst> ping -c2 -b 192.168.6.102 <snip>
18:45 alchemy:~/scr/utl/tst> sudo arp -n
Address        HWtype  HWaddress          Flags Mask  Iface
192.168.6.121  ether   00:0F:1F:D6:03:A0  C           ath0
192.168.6.13   ether   00:23:69:5C:FD:B4  C           ath0
192.168.6.17   ether   00:E0:81:55:4E:1D  C           ath0
192.168.6.147  ether   00:11:43:22:5A:25  C           ath0
192.168.6.14   ether   00:21:85:1A:8C:FA  C           ath0
Using the script above, I get the whole list:
18:46 alchemy:~/scr/utl/tst> sh arpt.sh
Hostname           IP             Mac
archangel          192.168.6.14   00:21:85:1a:8c:fa
zachrys-iPhone     192.168.6.112  d4:9a:20:92:0b:f5
gateway (Linksys)  192.168.7.13   00:06:25:5e:dd:29
supersff           192.168.6.121  00:0f:1f:d6:03:a0
gw                 192.168.6.13   00:23:69:5c:fd:b4
mail               192.168.6.17   00:e0:81:55:4e:1d
dcrgx2             192.168.6.147  00:11:43:22:5a:25
dcrgx              192.168.6.111  00:11:43:22:4f:23
zion               192.168.6.19   00:0c:76:13:16:e6
Wii                192.168.6.115  00:1b:ea:d6:91:80
ripper             192.168.6.149  00:0c:76:13:90:c2
Yup. The distro I first used this on predated arpd (or at least it wasn't installed).
Nothing is going to find a host that is unpowered, which is why arpd is cool because it will record for you even if they only show up fleetingly, but of course you have to have it running, which most networks probably don't.
The ping command I use serves to fill in the arp table, but in real busy networks this info becomes stale and is dropped from the arp table fairly quickly. You don't want to dawdle firing off that arp command after the ping.
The advantage is it works for non-root (unless someone hides arp) and it works on windows too.
David C. Rankin wrote:
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
The arp -a command will list all the computers yours has communicated with recently, but you still need something, either traffic or ping etc., to keep the address in the cache.
David C. Rankin wrote:
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
The arp variations already suggested are probably enough, but if you're on the dhcp machine, you could take a look at the dhcp lease file. (assuming you already know about the "fixed" hosts).
-- Per Jessen, Zürich (-3.9°C)
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
Thanks,
James
On Fri, Dec 3, 2010 at 2:14 AM, Per Jessen wrote:
David C. Rankin wrote:
Guys,
What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
I'm open to anything, but would prefer a BASH or c solution.
The arp variations already suggested are probably enough, but if you're on the dhcp machine, you could take a look at the dhcp lease file. (assuming you already know about the "fixed" hosts).
-- Per Jessen, Zürich (-3.9°C)
On Fri, Dec 3, 2010 at 4:19 PM, James Wright wrote:
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
How about ping -b 255.255.255.255 ?
Regards, ismail
On Fri, Dec 3, 2010 at 10:04 AM, İsmail Dönmez wrote:
On Fri, Dec 3, 2010 at 4:19 PM, James Wright wrote:
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
How about ping -b 255.255.255.255 ?
Regards, ismail
I don't think you can trust pings of the broadcast IP.
================================
On my network: Both ping -b 255.255.255.255 and ping -b 10.0.1.255 only show 5 hosts:
===
WARNING: pinging broadcast address
PING 10.0.1.255 (10.0.1.255) 56(84) bytes of data.
64 bytes from 10.0.1.249: icmp_seq=1 ttl=64 time=0.289 ms
64 bytes from 10.0.1.248: icmp_seq=1 ttl=255 time=0.311 ms (DUP!)
64 bytes from 10.0.1.183: icmp_seq=1 ttl=64 time=1.21 ms (DUP!)
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=1.22 ms (DUP!)
64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=2.20 ms (DUP!)
===
But: fping -g 10.0.1.0/24 -a -s -c 1 -r 1
Reports 24 IPs in use:
===
256 targets
24 alive
232 unreachable
===
which seems a lot more realistic in my office.
fyi: the broadcast ping is missing both openSUSE and windows machines at a minimum. Seems to get routers and printers.
Greg
broadcast is only showing 5 machines.
--
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo - http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retriev...
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
On 12/3/2010 9:24 AM, Greg Freemyer wrote:
On Fri, Dec 3, 2010 at 10:04 AM, İsmail Dönmez wrote:
On Fri, Dec 3, 2010 at 4:19 PM, James Wright wrote:
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
How about ping -b 255.255.255.255 ?
Regards, ismail
I don't think you can trust pings of the broadcast IP.
================================
On my network: Both ping -b 255.255.255.255 and ping -b 10.0.1.255 only show 5 hosts:
===
WARNING: pinging broadcast address
PING 10.0.1.255 (10.0.1.255) 56(84) bytes of data.
64 bytes from 10.0.1.249: icmp_seq=1 ttl=64 time=0.289 ms
64 bytes from 10.0.1.248: icmp_seq=1 ttl=255 time=0.311 ms (DUP!)
64 bytes from 10.0.1.183: icmp_seq=1 ttl=64 time=1.21 ms (DUP!)
64 bytes from 10.0.1.2: icmp_seq=1 ttl=64 time=1.22 ms (DUP!)
64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=2.20 ms (DUP!)
===
But: fping -g 10.0.1.0/24 -a -s -c 1 -r 1
Reports 24 IPs in use:
===
256 targets
24 alive
232 unreachable
===
which seems a lot more realistic in my office.
fyi: the broadcast ping is missing both openSUSE and windows machines at a minimum. Seems to get routers and printers.
Greg
broadcast is only showing 5 machines.
Because of the dups, you can't rely on the output of pinging the broadcast. That is why you have to follow it with an "arp -n"
Furthermore, you don't want to send out a stream of pings to broadcast, two is plenty to populate your arp table.
Pinging each host separately, per James's example requires evaluating a rather messy return, and David was looking for something that he could put in a script.
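Added example, not part of any post in this thread: one way to turn the ping-then-"arp -n" procedure discussed above into something a script can consume. The function names and the sample table are constructed for illustration, and the code is written in portable sh so it also runs under bash.

```shell
#!/bin/sh
# Added example: turn `arp -n` text into a de-duplicated host list.

# Constructed sample in the net-tools `arp -n` layout. It includes an
# "(incomplete)" row (probed, never answered) and one host seen on two
# interfaces, so the same IP/MAC pair appears twice.
sample_arp_output() {
cat <<'EOF'
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.6.121            ether   02:00:00:AA:03:A0   C                     ath0
192.168.6.13             ether   02:00:00:AA:FD:B4   C                     ath0
192.168.6.200                    (incomplete)                              ath0
192.168.6.17             ether   02:00:00:AA:4E:1D   C                     ath0
192.168.6.13             ether   02:00:00:AA:FD:B4   C                     eth0
EOF
}

# parse_arp: read `arp -n` output on stdin and print one "IP MAC" line per
# resolved neighbour, sorted numerically by address.
parse_arp() {
    awk '
        # Keep rows whose 1st field is a dotted quad and whose 3rd field is a
        # 17-character colon-separated MAC; this drops the header and any
        # "(incomplete)" row, where the 3rd field is the interface name.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        length($3) == 17 &&
        $3 ~ /^[0-9A-Fa-f][0-9A-Fa-f](:[0-9A-Fa-f][0-9A-Fa-f])+$/ {
            print $1, tolower($3)
        }
    ' | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq
}

# host_ips: addresses only, one per line.
host_ips() {
    parse_arp | cut -d ' ' -f 1 | uniq
}

# live_hosts BROADCAST: the procedure from the thread. Two broadcast pings
# fill the ARP cache, which is read at once before entries age out.
live_hosts() {
    ping -c 2 -b "$1" >/dev/null 2>&1 || true
    /sbin/arp -n | parse_arp
}
```

In bash, `mapfile -t hosts < <(live_hosts 192.168.6.255)` loads the result into an array; the broadcast address shown is a placeholder for the interface's own.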
Hi;
On Fri, Dec 3, 2010 at 9:06 PM, John Andersen
Because of the dups, you can't rely on the output of pinging the broadcast. That is why you have to follow it with an "arp -n"
Furthermore, you don't want to send out a stream of pings to broadcast, two is plenty to populate your arp table.
Didn't know about fping, thanks for the explanation!
Regards, ismail
On Friday, 2010-12-03 at 12:24 -0500, Greg Freemyer wrote:
But: fping -g 10.0.1.0/24 -a -s -c 1 -r 1
Reports 24 IPs in use: === 256 targets 24 alive 232 unreachable ===
Interesting!
which seems a lot more realistic in my office.
fyi: the broadcast ping is missing both openSUSE and windows machines at a minimum. Seems to get routers and printers.
Indeed, that's what I see here. Just the router, printer, and my machine.
-- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)
On Fri, 2010-12-03 at 17:04 +0200, İsmail Dönmez wrote:
On Fri, Dec 3, 2010 at 4:19 PM, James Wright wrote:
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
How about ping -b 255.255.255.255 ?
You should really use the broadcast address of the interface you are sending this out on. And you have to hope the machines on the network have their broadcast set the same. Some devices only respond to broadcasts that exactly match their configured broadcast address. I have found this command to be less than reliable. I like the idea, but it never seems to work properly.
Regards, ismail
James Wright wrote:
I generally do something like this:
for host in 10.1.0.{1..254}; do fping $host; done
Try that on an IPv6 subnet. It'll take a while. My local subnet is a /64 (1 of 256 in the /56 subnet assigned to me by the 6in4 tunnel broker). That's 2^64 or 18446744073709551616 addresses to search through!
On Thu, 2010-12-02 at 17:37 -0600, David C. Rankin wrote:
Guys, What would I use to get a list of hosts on the local subnet aside from dumping the forward zone in bind or doing a ping -c .1 subnet.1-254? I want to find something I can call from a script to return the list to either a single variable or an array.
For a nice GUI solution install the avahi-utils-gtk package and run "/usr/bin/avahi-discover-standalone". This works very well on home networks where things like printers, DVRs, TiVOs, etc... almost always will show up.
On Friday, 2010-12-03 at 09:40 -0500, Adam Tauno Williams wrote:
For a nice GUI solution install the avahi-utils-gtk package and run "/usr/bin/avahi-discover-standalone". This works very well on home networks where things like printers, DVRs, TiVOs, etc... almost always will show up.
I see nothing. What I see is blocked packages in the firewall:
Dec 4 01:19:13 Telcontar kernel: [1140797.184192] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:21:85:16:2d:0b:00:01:02:03:04:05:08:00 SRC=192.168.1.2 DST=192.168.1.14 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=4981 PROTO=ICMP TYPE=0 CODE=0 ID=65380 SEQ=1
Dec 4 01:24:29 Telcontar kernel: [1141112.903595] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=fe80:0000:... DST=ff02:0000:0000:... LEN=94 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=54
It is this port:
mdns 5353/tcp # Multicast DNS
Should I open it?
[...]
Indeed, after I open it I see a few things in "avahi-discover-standalone". The printer twice (ipv6), and my computer, three times (ipv4, workstation, sftp, ssh). My laptop, the DTV and the router, do not appear. It lists open ports as one entry per machine, it seems.
-- Cheers, Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)
participants (10)
- Adam Tauno Williams
- Carlos E. R.
- David C. Rankin
- Greg Freemyer
- İsmail Dönmez
- James Knott
- James Wright
- John Andersen
- Per Jessen
- Roger Oberholtzer