Finding other computers on network over command line

I've got a handful of Macs on my home network, and shell access to only one of them from the outside. How can I figure out what IP address of the other machines are?

Jon Haddad

Posted 2010-04-29T19:41:50.207

Reputation: 403

Answers

Try arp -a to see your computer's current arp table. It will show only those IP addresses your computer has interacted with. Output like this (obscured a little to hide MAC addresses on my network):

$ arp -a
? (10.1.168.1) at xx:xx:9e:82:ab:f6 on en1 ifscope [ethernet]
? (10.1.168.16) at xx:xx:29:d3:17:8 on en1 ifscope [ethernet]
? (10.1.168.115) at xx:xx:2:4f:76:14 on en1 ifscope [ethernet]
? (10.1.168.131) at xx:xx:6b:d0:36:a5 on en1 ifscope [ethernet]
? (10.1.168.134) at (incomplete) on en1 ifscope [ethernet]
? (10.1.168.137) at xx:xx:65:46:cd:b8 on en1 ifscope [ethernet]
? (10.1.168.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
? (192.168.4.255) at ff:ff:ff:ff:ff:ff on vmnet8 ifscope [ethernet]
? (192.168.110.255) at (incomplete) on vmnet1 ifscope [ethernet]

If you don't have further information on which computer is which, you can gain a little more information by identifying the manufacturers of the network cards through MAC address lookup.

Doug Harris

Posted 2010-04-29T19:41:50.207

Reputation: 23 578

What does it mean "arp -a will show only those IP addresses your computer has interacted with." ? Should I ping the broadcast (192.168.110.255) first and get response from every device and then use arp to get a complete list since I just interacted/pinged all the device? – Weishi Zeng – 2015-04-02T23:37:41.183

12Sorry it took almost 4 years to mark this as correct. – Jon Haddad – 2014-03-14T17:00:11.257

Assuming all the other machines are in the same broadcast domain as the one to which you have access, pinging the broadcast address will often suffice. It will not find machines that are asleep, nor those configured to not respond to pings, nor those that will respond to pings but not to broadcast pings.

% ifconfig -a | grep broadcast
        inet 192.168.1.241 netmask 0xffffff00 broadcast 192.168.1.255
% ping -i 5 -c 2 192.168.1.255
PING 192.168.1.255 (192.168.1.255): 56 data bytes
64 bytes from 192.168.1.241: icmp_seq=0 ttl=64 time=0.393 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=2.511 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=5.810 ms (DUP!)
64 bytes from 192.168.1.255: icmp_seq=0 ttl=64 time=7.886 ms (DUP!)
64 bytes from 192.168.1.241: icmp_seq=1 ttl=64 time=0.312 ms

--- 192.168.1.255 ping statistics ---
2 packets transmitted, 2 packets received, +3 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.312/3.382/7.886/3.010 ms

The first and last response will almost always be your local machine. The (DUP!) responses are from other machines (though this example also show some machine responding with the broadcast address itself, which is not terribly useful).

You might also try the all-ones broadcast address:

% ping -i 5 -c 2 255.255.255.255
PING 255.255.255.255 (255.255.255.255): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.392 ms
64 bytes from 192.168.1.254: icmp_seq=0 ttl=255 time=3.053 ms (DUP!)
64 bytes from 192.168.1.65: icmp_seq=0 ttl=64 time=8.685 ms (DUP!)
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.319 ms

--- 255.255.255.255 ping statistics ---
2 packets transmitted, 2 packets received, +2 duplicates, 0% packet loss
round-trip min/avg/max/stddev = 0.319/3.112/8.685/3.401 ms

This example shows less cruft. All the (DUP!)s are other machines and the local machine is easily identified as 127.0.0.1.

Chris Johnsen

Posted 2010-04-29T19:41:50.207

Reputation: 31 786

Your Macs all have hostnames so you shouldn't need to know IP addresses. Instead you'll just use the hostname.

The hostnames are based on whatever name you've given the computer. So if the computer is named "Jon's Mac" the hostname you'll use is something like "jons-mac.local".

$ ssh jons-mac.local

If you don't already know your computers' hostnames then you can find out a computer's hostnames in the sharing preferences on that computer, or you can find out the hostnames of other computers on the network using the dns-sd command. This command uses Bonjour to let you browse network services; you'll only find computers that are actually advertising some network service (which, by and large, are the only ones you care about).

If you want to connect to some computer providing ssh, you can find the available computers using:

dns-sd -B _ssh._tcp .

In general you can search for hosts providing particular services using the service names: http://www.dns-sd.org/ServiceTypes.html

The Bonjour protocol also provides the ability to browse for all services, not just particular ones. You can do this by browsing for the special service _services._dns-sd._udp

dns-sd -B _services._dns-sd._udp .

The question is asking about finding other computers on the network from the command line, but you can also browse dns-sd advertised services in the GUI. For example Terminal.app > New Remote Connection... brings up a window that shows advertised ssh, sftp, ftp, and telnet services.

bames53

Posted 2010-04-29T19:41:50.207

Reputation: 207

How fast can you expect this command dns-sd -B _ssh._tcp . to take to run? – AJP – 2017-04-02T07:10:43.343

1@AJP If there are any ssh services being advertised it should begin returning results immediately. But if by 'finish' you mean exit, it doesn't exit; the command runs a long-lived query and outputs changes continuously as services appear and disappear from the network until you kill it. – bames53 – 2017-04-02T11:15:19.800

You could try using dns-sd in order to perform Bonjour queries on the LAN.

Ignacio Vazquez-Abrams

Posted 2010-04-29T19:41:50.207

Reputation: 100 516

3I love that this answer is OS X specific and hooks into bonjour to avoid getting additional network details I wouldn't care about (in the context of this question). The specific command that worked for my needs was: dns-sd -B _ssh._tcp . – stevenhaddox – 2013-02-18T13:14:21.083

Maybe it's a bit of overkill but you could use nmap

Wagnarock

Posted 2010-04-29T19:41:50.207

Reputation: 558

1While this may answer the question, it would be a better answer if you could provide some explanation why it does so. – DavidPostill – 2017-05-02T10:39:16.973

A quick CLI one liner to step through /24 subnet ping each IP address. Quick and kind of dirty, but it works.

for (( x=1; x <= 254; x++ )); do ping -c 3 192.168.0.$x; done

Explanation: To change the range, change x=1 to x=130, or whatever you want to start at, and 254 to the end, say 135.

for (( x=130; x <= 135; x++ ));

ping -c 3 is send three pings. To change the number of pings change the 3 to something else, and to change the address range, change the 192.168.0 to something else.

do ping -c 30 10.10.0.$x;

quinnr

Posted 2010-04-29T19:41:50.207

Reputation: 159

This is anything but quick, for me... – Max Williams – 2015-08-18T15:38:57.723

It's a Quick and Dirty solution. As in, it's quick to implement in the absence of the correct tools like nmap, and it's not as performant as the correct tools, like nmap. Pinging hosts can take a while when they don't respond, and since this isn't multithreaded, it will take a while when a host doesn't respond. On the plus side, it doesn't require anything besides bash. – quinnr – 2016-07-29T15:30:31.517

1you could simply use fping to do this : fping -ag 172.16.0.0/16 – ıɾuǝʞ – 2013-08-22T13:58:55.560

If you know the name of the other computers in the LAN, the simplest way is to ping them:

$ ping foobar

Pinging foobar.lan [192.168.0.25] with 32 bytes of data:

Reply from 192.168.0.25: bytes=32 time<1ms TTL=64
Reply from 192.168.0.25: bytes=32 time<1ms TTL=64

This may depend on your local router or DHCP server. If the bare hostname doesn't work, try appending .local (ie, ping hostname.local).

Obviously this doesn't work well for large LANs or people with poor memories.

quack quixote

Posted 2010-04-29T19:41:50.207

Reputation: 37 382

If you're using Macs, (assuming 10.5 or greater,) just enable VNC for desktop access and use Flame.app.

http://husk.org/apps/flame/

It's a really nice little utility that gives you exactly what you need, really quickly. The only thing is that you would have to go farther than SSH.

tylerm

Posted 2010-04-29T19:41:50.207

Reputation: 23

For Windows:

1) Write: for /L %I in (1,1,254) DO ping -w 30 -n 1 168.29.0.%I This will ping all addresses in your local network

2) Then write: arp -a This will give you all addresses that answered

Chavdar

Posted 2010-04-29T19:41:50.207

Reputation: 11

Every MAC user has a Windows OS sitting around... You cannot live without it... :D – user2173353 – 2015-04-02T15:02:53.287

Of course it depends on your local network address.In my case it is 168.29.0.xxx. Yours might be something like 192.168.0.xxx – Chavdar – 2014-03-28T13:51:02.347

1Your answer is based on Windows while the OP stated he is using a Mac. Can you edit your question to take this into account or state if your solution would work on a Mac. – Matthew Williams – 2014-03-28T14:04:46.307