Use arp -a to see your computer’s current ARP table. It will show only those IP addresses your computer has interacted with. The output looks like this (obscured a little to hide MAC addresses on my network):
$ arp -a
? (10.1.168.1) at xx:xx:9e:82:ab:f6 on en1 ifscope [ethernet]
? (10.1.168.16) at xx:xx:29:d3:17:8 on en1 ifscope [ethernet]
? (10.1.168.115) at xx:xx:2:4f:76:14 on en1 ifscope [ethernet]
? (10.1.168.131) at xx:xx:6b:d0:36:a5 on en1 ifscope [ethernet]
? (10.1.168.134) at (incomplete) on en1 ifscope [ethernet]
? (10.1.168.137) at xx:xx:65:46:cd:b8 on en1 ifscope [ethernet]
? (10.1.168.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
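An added example, not part of the original answers: a shell function that turns `arp -a` output like the listing above into an IP/MAC inventory. It pads the MAC octets that this output prints without leading zeros and drops incomplete, broadcast and multicast entries. The names `parse_arp` and `sample_arp_output` and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers).

# parse_arp: read `arp -a` text on stdin, print "IP<TAB>MAC" per resolved host.
# Handles the BSD/macOS layout shown above and the Linux net-tools layout.
parse_arp() {
    awk '
    $3 == "at" && $2 ~ /^\(.*\)$/ {
        ip = substr($2, 2, length($2) - 2)      # strip the parentheses
        n = split(tolower($4), oct, ":")
        if (n != 6) next                        # "(incomplete)" and non-Ethernet
        mac = ""
        for (i = 1; i <= 6; i++) {
            if (oct[i] !~ /^[0-9a-f]+$/ || length(oct[i]) > 2) next
            if (length(oct[i]) == 1) oct[i] = "0" oct[i]   # restore leading zero
            mac = mac (i > 1 ? ":" : "") oct[i]
        }
        # Odd first octet = group bit set: broadcast or multicast, not a host.
        if (index("13579bdf", substr(mac, 2, 1)) > 0) next
        printf "%s\t%s\n", ip, mac
    }'
}

# Constructed sample input (documentation addresses, made-up MACs).
sample_arp_output() {
    cat <<'EOF'
? (192.0.2.1) at 0:1c:42:82:ab:f6 on en1 ifscope [ethernet]
? (192.0.2.16) at 0:c:29:d3:17:8 on en1 ifscope [ethernet]
? (192.0.2.134) at (incomplete) on en1 ifscope [ethernet]
? (192.0.2.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en1 ifscope permanent [ethernet]
gateway.example (192.0.2.20) at 00:1C:42:AA:BB:CC [ether] on eth0
EOF
}

# Demo on the sample; on a real machine use: arp -a | parse_arp
sample_arp_output | parse_arp
```

Because the MACs are normalized, the output of two runs can be compared with `diff` to see which hosts appeared or disappeared.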
Assuming all the other machines are in the same broadcast domain as the one to which you have access, pinging the broadcast address will often suffice. It will not find machines that are asleep, nor those configured to not respond to pings, nor those that will respond to pings but not to broadcast pings.
% ifconfig -a | grep broadcast
        inet 192.168.1.241 netmask 0xffffff00 broadcast 192.168.1.255
% ping -i 5 -c 2 192.168.1.255
PING 192.168.1.255 (192.168.1.255): 56 data bytes
64 bytes from 192.168.1.241: icmp_seq=0 ttl=64 time=0.393 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=2.511 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=5.810 ms (DUP!)
64 bytes from 192.168.1.255: icmp_seq=0 ttl=64 time=7.886 ms (DUP!)
64 bytes from 192.168.1.241: icmp_seq=1 ttl=64 time=0.312 ms

--- 192.168.1.255 ping statistics ---
2 packets transmitted, 2 packets received, +3 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.312/3.382/7.886/3.010 ms
The first and last response will almost always be your local machine. The (DUP!) responses are from other machines (though this example also shows some machine responding with the broadcast address itself, which is not terribly useful).
You might also try the all-ones broadcast address:
% ping -i 5 -c 2 255.255.255.255
PING 255.255.255.255 (255.255.255.255): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.392 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=3.053 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=8.685 ms (DUP!)
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.319 ms

--- 255.255.255.255 ping statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.319/3.112/8.685/3.401 ms
This example shows less cruft. All the (DUP!)s are other machines and the local machine is easily identified as 127.0.0.1.
A quick CLI one-liner to step through a /24 subnet and ping each IP address. Quick and kind of dirty, but it works.
for (( x=1; x <= 254; x++ )); do ping -c 3 192.168.0.$x; done
Explanation: To change the range, change x=1 to x=130, or whatever you want to start at, and 254 to the end, say 135.
for (( x=130; x <= 135; x++ ));
ping -c 3 sends three pings. To change the number of pings, change the 3 to something else, and to change the address range, change the 192.168.0 to something else.
do ping -c 30 10.10.0.$x;
1) Write:
for /L %I in (1,1,254) DO ping -w 30 -n 1 168.29.0.%I
This will ping all addresses in your local network.
2) Then write:
arp -a
This will give you all addresses that answered.
Taken from Finding All Hosts On the LAN From Linux/Windows Workstation
for ip in $(seq 1 254); do
  ping -c 1 192.168.1.$ip >/dev/null
  [ $? -eq 0 ] && echo "192.168.1.$ip UP" || :
done
Arp-scan works great for me too…
If using Wi-Fi:
sudo arp-scan -l --interface=wlan0
Or, if using Ethernet:
sudo arp-scan -l --interface=eth0
(this last is practically identical to what Rajesh Rajendran posted; the -l standing for --localnet)
If you don’t have arp-scan (it doesn’t come with Ubuntu by default), just pull up a terminal and type:
sudo apt-get install arp-scan
I always use nmap. To scan for all devices in your network, use:
nmap -sP 192.168.0.1/24
More here: http://www.cyberciti.biz/networking/nmap-command-examples-tutorials/