1
I am a host in a 255.255.255.0 subnet - conforming to RFC1918.
What ways are possible (without iterating over the 254 addresses) to map the IPEndPoints in my local subnet?
divinci
Posted 2010-02-19T11:14:59.767
Reputation: 111
Finding all ICMP enabled Hosts on Local Subnet
Answers
4
nik is close; you do need to ping the broadcast, but not all systems will respond directly.
Note the broadcast address is not the same as your network address. If your IP is 192.168.1.42, and your netmask is 255.255.255.0, then your network address is 192.168.1.0 and your network broadcast address is 192.168.1.255.
Ping the broadcast of your network:
- Linux:
ping 192.168.1.255 -b - WinXP:
ping 192.168.1.255
- Linux:
Check the ARP cache for responses:
- Linux:
arp - WinXP:
arp -a
- Linux:
Oddly enough, I get responses from a Win-7 machine on my network when pinging the broadcast address, but no one else's responses show up. There are 4 devices on my network (router, XP, Win7, debian); all 3 remote machines are listed correctly in the arp output when I ran the above commands on both the Debian and WinXP systems.
quack quixote
Posted 2010-02-19T11:14:59.767
Reputation: 37 382
0
If you send a broadcast ping with,
ping network_address -b
where network_address is your 255.255.255.0 equivalent class-c network.
All the endpoints will reply to you.
You then just have to extract unique individual responding IP addresses from the output.
This means, if your IP address is 192.168.1.42 in a Class-C network.
You would do a ping 192.168.1.0 -b and look at (say) a minute worth of output.
All connected end-points in the network will reply to this broadcast address.
nik
Posted 2010-02-19T11:14:59.767
Reputation: 50 788
1winxp's ping doesn't seem to support pinging a broadcast address, and nobody responds when i try it from my debian system. (there are 3 machines on the local network that all respond to a direct ping.) – quack quixote – 2010-02-19T11:47:21.920
1but are they listed if you clear the arp cache first? (I think it's: arp -d *) – fluxtendu – 2010-02-19T12:18:37.850
+1, @quack, you are right. For some local reasons I did not actually try this out on my network (this would be detected as a 'scan' on my network :-). Ping to the broadcast address is a better option. Tho, the network address will also work on some variants (I checked from a linux machine). – nik – 2010-02-19T12:22:58.433
@fluxtendo +1, thanks, i wondered about that. yes, the winxp system shows the arp cache cleared, and after pinging the broadcast address the arp cache is populated correctly again. (the debian system seems to refresh its arp cache too quickly to test.) – quack quixote – 2010-02-19T12:28:03.600
@nik: yes, the linux system claims to be pinging to broadcast when i tried the network address, but that odd response from the Win-7 machine only happened when i pinged the broadcast. on winxp, pinging the network address results in "Destination specified is invalid." – quack quixote – 2010-02-19T12:29:39.493
i was wrong, the Win-7 machine was off. it was a freakin' iPod Touch responding. go figure. – quack quixote – 2010-02-19T17:56:53.890