How can I find the IP of a Windows host from OS X?

Is there an easy way from the OS X (Lion) command line or Finder to determine the IP address of a Windows machine on the same subnet (in a home network)? Assume the machine itself is not easily accessible.

I know of the following ways:

Refer to the router(dhcp server)'s web admin page.
Use arp -a to get a list of recently accessed IPs and guess from there.

The machine does show up in Finder, so I know it's network computer name (which I'm guessing is a WINS name?), but not what workgroup it is. We are not on a domain.

I'm not entirely sure how OS X "maps" an SMB/WINS name, since doing something like pinging "mywindowsbox" fails, as does pinging "mywindowsbox.local".

Chris Weiss

Posted 2011-09-02T05:10:23.503

Reputation: 141

If you can find a way to inferface with the DHCP, that should be able to give you a list of all active IPs – Alex Waters – 2011-09-02T05:30:17.013

Answers

Use smbutil lookup HOSTNAME (Source).

This will give you the IP address of a given NetBIOS name.

I presume it’s the same as what the Finder does when connecting to an smb:// URL, so it’s probably subject to the same limitations (I don’t actually know what these are but I’ve noticed that the Finder is not always able to look up windows machines in the local network when other windows clients seemingly have no problem doing so).

Raphael Schweikert

Posted 2011-09-02T05:10:23.503

Reputation: 432

Do you not have access to the Windows machine?

Can you ping the IP of the Windows machine? If not, perhaps the Windows machine has its software firewall on preventing pings.

Also, if you have access to the router, it might list the hostname of the Windows machine.

update: Well, the name that shows up in the Finder should be the PCs hostname.

Keltari

Posted 2011-09-02T05:10:23.503

Reputation: 57 019

I've updates the question to provide more details. I don't have physical access to the machine. Not knowing the IP, what would I ping? – Chris Weiss – 2011-09-02T15:57:49.087

If you have nmblookup installed, try:

nmblookup hostname

Hostname would be the WINS name. This might return the IP address. Also look at the nmblookup man pages for other options that might get this working.

jftuga

Posted 2011-09-02T05:10:23.503

Reputation: 2 877

The information might be in a local nameserver; you can try:

nslookup HOSTNAME
   or
nslookup HOSTNAME.yourdomain.com

trindflo

Posted 2011-09-02T05:10:23.503

Reputation: 152

If you are on a closed network (private) and you are on a typical class C subnet (255.255.255.0) you can ping XXX.XXX.XXX.255. The .255 address is the broadcast address for the class C. Theoretically all hosts on the subnet will send ICMP echos to you. This should narrow down what hosts are actually alive on the network. From there, you can use the Network Utility (/Applications/Utilities/Network Utility.app) to do some fingerprinting and port scanning to figure out which one it is.

However, if the Windows machine ICMP echos disabled, this plan is foiled.

Just a note: the *.local domain is used for Bonjour. Unless the Windows box has Bonjour (or mDNSResponder) querying the local domain won't work.

C0D3M0NK3Y

Posted 2011-09-02T05:10:23.503

Reputation: 585