How can I locate unused IP addresses on my network? The DHCP server keeps assigning the same address and I need a different IP address to test my application with. The software would need to run on Windows.
9 Answers
Probably the best way is to use NMAP (http://nmap.org/) in ARP Ping scan mode. The usage will be something like nmap -sP -PR 192.168.0.*
(or whatever your network is).
The advantage of this approach is that it uses the Address Resolution Protocol to detect if IP addresses are assigned to machines. Any machine that wants to be found on a network needs to answer the ARP, so this approach works where ping scans, broadcast pings and port scans don't (due to firewalls, OS policy, etc.).
- 3,522
- 25
- 38
- 596
- 4
- 5
-
1+1 I hadn't realized that nmap binaries were available on Windows; definitely use that, it rocks. – msanford Jun 10 '09 at 22:54
-
That did it exactly. Hopefully I didn't upset anyone with the query. Apparently Nmap also likes to tell me what "interesting" ports are open on any of the machines it encounters. :O I definitely didn't need or want that. – jasonh Jun 10 '09 at 22:59
-
3Ooops. Using -sP in addition to -PR should disable the unnecessary port scan. – guilherme Jun 11 '09 at 00:00
-
-0.5 for me, wildcards are acceptable in nmap host specifications (0.5 because there's no "*" in the manpage relating to hosts, only ports ;) – msanford Jun 12 '09 at 13:18
-
6It is surprising that we describe a `nmap` horizontal scan solution to a (newbie?) question asking how to 'push' an unused IP address in a DHCP allocated networking environment. Is it not our responsibility (as admins?) to suggest that he approach the local DHCP authority (his admin?) and get some test IP addresses allocated? AGREED, this is an elegant hack, we all love nmap, including matrix fans. But, do we understand what is happening here? – nik Jul 19 '09 at 15:49
-
+1 the usage of nmap is perfect – Ali Mezgani Jun 01 '16 at 22:20
You really should not be trying to find unused IP addresses on a network that uses DHCP. You should not be doing this unless you know what you are doing, and asking how to do it suggests that you do not.
Network address management is implicitly an organizational (not a technical) activity. DHCP makes network administrators often think it is purely technical, but the protocol is well designed and can easily support your needs with a little bit of political negotiation.
DHCP has a feature where certain systems can be given the same IP address every time (in other words, the assignment mechanism can be dynamic, but the assignments themselves can be fixed).
Ask your DHCP administrator to create some entries for you. If they say "no", do some leg work, and ask your manager to ask their manager to do it.
Or ask the DHCP administrator to allocate a range of IP address for your personal use, but not serve them out of DHCP.
This is really in everyone's best interests. If you project is worth of a little extra effort, some organizational love will go a long way.
I don't think that the other posters have thought seriously about what can happen, and part of the danger is that the results of IP address conflicts are unpredictable:
If you poach addresses, and then they conflict with someone else's system, the results can be painful, like job ending.
Systems behave differently when they have IP conflicts. Some drop themselves quickly. Some just put weird warnings on your screen. Potentially some systems would fight over the IP address.
You don't know what system you would be disconnecting. You could be disconnecting an important server, or your system might have a stub server that starts responding to real traffic. Or it could be you boss's PC, or some senior engineering person who was also IP squatting.
Here's a DNS story that is pretty similar. I worked with a smart, but sometimes obnoxious person in a company, and he understood most of everything, except DNS resolution. He configured about 80% of the companies mail systems so that if there was a minor outage, my lab environment ended up being the outbound mail server. They caught this problem quickly, but you can imagine how bad this could be if my system hadn't queued the mail behind the firewall.
- 3,522
- 25
- 38
- 663
- 1
- 5
- 13
-
2@benc, Excellent! this is the first answer I see being rational about scanning for an unused IP address in a DHCP environment. +1 for thinking like an Admin on ServerFault. – nik Jul 19 '09 at 15:54
-
It seems, I noticed this question just because you answered this today! Things seem to have concluded without this point here last month!! – nik Jul 19 '09 at 15:56
-
-
It's a shame this isn't the selected answer - because it answers the real question. +1 – Nov 05 '11 at 21:21
One time at my company, somebody accidently set their IP to that of the core switch in our server room.
Net result:
"WTF Happened to the Network1?!?!"
Moral of the story: Please talk to your admins. If you are in engineering firm, chances are they have a process in place to give you an address, or even your own range.
- 586
- 3
- 8
-
+1 - these are the stories that scare people into behaving correctly. Sorry it happened to you in real-life. – benc Jun 25 '18 at 19:52
You basically have to options:
Ask your DHCP server what addresses it has already assigned (via the web interface, cli interface, or whatever interface your server uses). This will work if very node on your network uses DHCP to configure itself (i.e., doesn't have any self-assigned IP addresses). Obviously you also need access to the router's configuration, which it sounds like you might not have.
Ping (or portscan) your entire subnet and see who answers. This might not work if particular nodes have ICMP-echo-request disabled (i.e., "Block ping").
- 1,427
- 15
- 27
-
That's correct, I don't have access to the DHCP server. Any suggested utilities to ping the subnet? I tried the "ping 224.0.0.1" suggestion but it reports "General failure". – jasonh Jun 10 '09 at 22:46
-
I'm afraid that I always have access to a linux machine for stuff like network diagnostics (so I'm not that useful for the Windows syntax). Hit Google and see what you find; there is surely a nice freeware gui tool out there. – msanford Jun 10 '09 at 22:52
-
Guilherme has it below, use nmap http://nmap.org/download.html though the syntax is `nmap -sP 192.168.0.1-254` – msanford Jun 10 '09 at 22:56
As mentioned in other answers, ping scans or NMAP scans of your local subnet are probably the best way to determine free IP addresses if you don't have access to the DHCP server.
However, please bear in mind two things.
Your network admins probably won't take kindly to you running port/ping scans; if they have anything resembling decent intrusion prevention, you shouldn't be surprised when they wander round to your desk looking unhappy.
Mixing static configuration and DHCP on the same subnet can cause issues. If you configure a device with an IP you find to be 'free' through subnet scans etc., and the DHCP server subsequently hands that address out to another node, your machine and the 'real' owner of the IP address will continually fight over who should have the ARP entry for that IP. This will lead to intermittent connectivity for both machines. (And again, a possible visit from your friendly neighbourhood admin).
If you really need another IP address to test with, is it possible to reach out to your network admins and ask? They would be able to configure a manual-DHCP entry that would give your machine a specific DHCP lease based on its MAC address.
- 10,166
- 8
- 40
- 62
-
Thanks for the tips. I'm aware of the possibility of the DHCP server issuing the address to someone else, so I don't plan to keep it for long. I really do need another IP address. The Cisco firewall checks my IP address to see if I've been authenticated through there before during the last 12 hour period and if so, never presents me with a means for logging out. The only way to get back to the login screen is to let that 12 hour time-frame expire or get a new IP. I did that once already by switching to a wireless connection, but now I need another shot at the firewall so I can check my code. – jasonh Jun 10 '09 at 23:02
Check out fing. It used to be called lookatlan. It's a small install but will scan network and give you a simple graphical interface to see what's being used and what's not.
- 409
- 4
- 11
If you are using Windows Server DHCP, then the DHCP viewer shows the used IP addresses. Maybe you have a very small range of IP, try extending the range.
I had a similar issue when using router to assign IP addresses. My solution, I extended the range and that seemed to work.
- 1,935
- 2
- 20
- 25
-
I have a strong feeling, from the phrasing of his question, that he's not the network's administrator, but it just looking for a free IP address to test some code with. – msanford Jun 10 '09 at 22:38
-
Exactly. I'm writing an app that automates logging in through a Cisco firewall. Once I've logged into it for the day, I have no way of logging out. Since I need to test different scenarios in my code, I need to be able to get a different IP so I get prompted to log in again. – jasonh Jun 10 '09 at 22:50
You can use the command fping to find the used and unused IPs of your network.
-
As mentioned elsewhere - a list with the IP-addresses of all hosts that respond to Ping is not (necessarily) the same as all IP-addresses that are actively used. – Bob Jan 19 '21 at 08:28
-
fping only resolve IP's which respond to ICMP if ICMP is droped then it will show th host unreachable even IP address in use – Vaibhav Panmand Jan 19 '21 at 12:25