Find machine/host names on the network

First, we resolve the PTR (reverse DNS) records for the addresses in the range. This is nmap's list scan (-sL): it sends nothing to the hosts themselves, only queries to the DNS server, so it says nothing about whether a host is actually connected or powered on. What it gives us is the DNS view of the network which, when the DHCP server updates DNS, also includes devices that are currently offline but still within their DHCP lease time. Since -sL never port-scans, -sn adds nothing here.

nmap -sL 192.168.0.0/24

Then we look for hosts that are actually up. On the local Ethernet segment, nmap run as root does this with ARP requests, which every host on the wire has to answer and which a host firewall cannot block. The disadvantage is that ARP does not cross routers, so this only works on your own subnet; against other subnets nmap falls back to ICMP echo, ICMP timestamp and TCP probes to ports 80 and 443 (or plain TCP connects to 80 and 443 when not running as root), and a firewall can drop those. -sP is the older spelling of -sn, the "ping scan, no port scan" option; current nmap accepts both.

nmap -sP 192.168.0.0/24

or, if we want to keep only the report lines that contain an IP address:

nmap -sP 192.168.0.0/24 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}"

output example:

cesare@cesare-desktop:~$ nmap -sP 192.168.0.0/24 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}"
 Nmap scan report for router (192.168.0.10)
 Nmap scan report for vpnudp (192.168.0.90)
 Nmap scan report for vpntcp (192.168.0.91)
 Nmap scan report for desktop (192.168.0.100)
 Nmap scan report for unas (192.168.0.110)
 Nmap scan report for pi2 (192.168.0.140)
 Nmap scan report for cloud (192.168.0.200)

or, cutting away the fixed "Nmap scan report for" prefix (the first four space-separated fields) to leave just name and address; a host with no PTR record shows up here as a bare IP address:

nmap -sP 192.168.0.0/24 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d ' ' -f5-
router (192.168.0.10)
vpnudp (192.168.0.90)
vpntcp (192.168.0.91)
desktop (192.168.0.100)
unas (192.168.0.110)
cloud (192.168.0.200)
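The grep/cut pipeline above depends on counting fields and prints a bare IP for hosts without a reverse name. As an added example (not code from the original post), here are two small parsers that do the same job more explicitly: one for nmap's normal output, which marks hosts with no PTR record, and one for nmap's grepable output (-oG -), which only keeps hosts reported as Up. The nmap output embedded below is constructed sample text, not a capture; the version string, hostnames and addresses are made up, and the live_up_hosts wrapper is only shown, not run.

```shell
#!/bin/sh
# Added example, not code from the original post. The nmap output below is
# CONSTRUCTED sample text (made-up hosts and addresses), not a real capture.

# Normal (human) output, as produced by "nmap -sn 192.168.0.0/24".
# A host with no PTR record is reported as "Nmap scan report for <ip>"
# with no name in front of the address.
SAMPLE_NORMAL='Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 CET
Nmap scan report for router (192.168.0.10)
Host is up (0.0012s latency).
Nmap scan report for 192.168.0.42
Host is up (0.0020s latency).
Nmap scan report for desktop (192.168.0.100)
Host is up (0.00090s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.35 seconds'

# Grepable output, as produced by "nmap -sn -oG - 192.168.0.0/24".
# One line per host; an empty reverse name shows up as "()". Real nmap
# separates the fields with tabs; spaces are used here for readability,
# and awk's default field splitting handles either.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sn -oG - 192.168.0.0/24
Host: 192.168.0.10 (router) Status: Up
Host: 192.168.0.42 () Status: Up
Host: 192.168.0.100 (desktop) Status: Up
# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 2.35 seconds'

# hosts_from_normal: stdin = nmap normal output; prints "name (ip)" per
# host, or "- (ip)" when nmap printed no reverse name for it.
hosts_from_normal() {
    sed -n 's/^Nmap scan report for //p' | awk '
        NF == 2 { print $1, $2; next }   # "router (192.168.0.10)"
        NF == 1 { print "- (" $1 ")" }   # bare IP: no PTR record
    '
}

# up_hosts_from_grepable: stdin = nmap -oG output; prints "ip (name)" for
# hosts whose status is Up and skips the "# Nmap ..." comment lines.
up_hosts_from_grepable() {
    awk '$1 == "Host:" && $4 == "Status:" && $5 == "Up" { print $2, $3 }'
}

# Wiring for a live scan (not run in this example): ARP-ping the given
# subnet as root and list only the hosts that answered.
live_up_hosts() {
    nmap -sn -oG - "$1" | up_hosts_from_grepable
}

# Run both parsers over the constructed samples.
demo_normal()   { printf '%s\n' "$SAMPLE_NORMAL"   | hosts_from_normal; }
demo_grepable() { printf '%s\n' "$SAMPLE_GREPABLE" | up_hosts_from_grepable; }

demo_normal
demo_grepable
```

The grepable form is the one to prefer in scripts: every host is a single line with a fixed layout, and filtering on "Status: Up" gives you exactly the hosts that answered the ARP or ping probe, without relying on the position of words in the human-readable report.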
