LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   list all hosts and ips with in subnet (https://www.linuxquestions.org/questions/linux-server-73/list-all-hosts-and-ips-with-in-subnet-4175734823/)

sag2662 03-12-2024 06:02 AM
list all hosts and ips with in subnet
 
Hi all,

I wanted to list all hosts that are in network for ex: (192.168.100.24/24). I tried using nmap scan but it only lists the hosts which are up.Can we somehow lists all the hosts that are up and down.

I used the below

Code:
nmap -sn 192.168.100.24/24 -oG output

pan64 03-12-2024 06:55 AM
no, how do you think that? If the host is down it is not connected to anywhere, does not belong to any network.
Do you think if I bring 20 RPi's into the room they should be listed as well?

sag2662 03-12-2024 07:20 AM
Quote:
Originally Posted by pan64 (Post 6489190)
no, how do you think that? If the host is down it is not connected to anywhere, does not belong to any network.
Do you think if I bring 20 RPi's into the room they should be listed as well?
Ofocurse not, atleast I wanted to lists all the hosts available with in the network. Any other tool that we can use

TenTenths 03-12-2024 07:47 AM
Quote:
Originally Posted by sag2662 (Post 6489194)
I wanted to lists all the hosts available with in the network.
192.168.0.1 all the way through to 192.168.100.254 are available.

Quote:
Originally Posted by sag2662 (Post 6489194)
Any other tool that we can use
Go back to your firewall logs and look for any traffic within that address space. Of course that won't list any internal traffic.

Quote:
Originally Posted by sag2662 (Post 6489194)
Any other tool that we can use
Use your body to go turn on all the hosts and then do a ping scan. Of course that only works if ICMP isn't blocked by the host at firewall level.

Quote:
Originally Posted by sag2662 (Post 6489194)
Any other tool that we can use
Compare the output of nmap, ping sweeps, etc. with your reference list of known authorized assets and see which are missing.

sag2662 03-12-2024 08:56 AM
Quote:
Originally Posted by TenTenths (Post 6489202)
192.168.0.1 all the way through to 192.168.100.254 are available.

Go back to your firewall logs and look for any traffic within that address space. Of course that won't list any internal traffic.

Use your body to go turn on all the hosts and then do a ping scan. Of course that only works if ICMP isn't blocked by the host at firewall level.

Compare the output of nmap, ping sweeps, etc. with your reference list of known authorized assets and see which are missing.
Unfortunately dont have access to firewall logs, I meant hosts available means ( Ipaddress is registered and dns configured ).

pan64 03-12-2024 10:33 AM
Again, you cannot collect any information about hosts which are unavailable, down. Cannot read their configuration. They may or may not connect to the network. Also you may change DHCP, firewall, ... to enable/disable their access to that network.

rclark 03-12-2024 11:33 AM
Quote:
nmap only lists the hosts which are up.
That is correct operation. There is no way a program can 'know' which devices are not on the network (device network down, kernel faulted, or powered off). Just not doable. Like holding an un-powered RPI in your hand and expecting the network that it is there in the room. Not going to find it!

Only way i know is to get an initial list of all the devices that are on the network and then when you run nmap, you can compare that list against the known list. Normally though you should have a good idea what is not on the network because whatever its function is is no longer available which points you to the device.

chrism01 03-12-2024 10:45 PM
Quote:
Ipaddress is registered and dns configured
Look in your DNS server ...

sag2662 03-13-2024 12:57 PM
Thanks for the suggestions.

MadeInGermany 03-13-2024 07:32 PM
DNS is not list-able, so
Code:
getent hosts
won't work with DNS.
But you can try the bash command
Code:
getent hosts 192.168.100.{0..255}

murugesandins 05-01-2024 10:49 AM
Quote:
Originally Posted by MadeInGermany (Post 6489579)
DNS is not list-able, so
Code:
getent hosts
won't work with DNS.
But you can try the bash command
Code:
getent hosts 192.168.100.{0..255}
:)
Applicable at windows also(output at my localhost)
Code:
$ /usr/bin/getent.exe hosts 103.244.124.{0..100} | /usr/bin/tail -n 10
103.244.124.91  DOP-103-244.sify.net
103.244.124.92  DOP-103-244.sify.net
103.244.124.93  DOP-103-244.sify.net
103.244.124.94  DOP-103-244.sify.net
103.244.124.95  DOP-103-244.sify.net
103.244.124.96  DOP-103-244.sify.net
103.244.124.97  DOP-103-244.sify.net
103.244.124.98  DOP-103-244.sify.net
103.244.124.99  DOP-103-244.sify.net
103.244.124.100 DOP-103-244.sify.net
$ /usr/bin/getent.exe hosts 103.244.124.{0..100} | /usr/bin/head -n 10
103.244.124.0  DOP-103-244.sify.net
103.244.124.1  DOP-103-244.sify.net
103.244.124.2  DOP-103-244.sify.net
103.244.124.3  DOP-103-244.sify.net
103.244.124.4  DOP-103-244.sify.net
103.244.124.5  DOP-103-244.sify.net
103.244.124.6  DOP-103-244.sify.net
103.244.124.7  DOP-103-244.sify.net
103.244.124.8  DOP-103-244.sify.net
103.244.124.9  DOP-103-244.sify.net

wpeckham 05-01-2024 12:15 PM
You might use a network monitoring application running in a host on a span port and building historical data about any node that comes up on your subnet. It will ONLY detect nodes that have been turned on and on the subnet DURING ITS RUN-TIMES, so you will get a list going forward but no backward historical data.

I have used NAGIOS and ZABBIX in enterprise environments, but I suspect for a small network something smaller should serve better. Something based upon ipscanner, nmap, or other application level tools might be leveraged here.


All times are GMT -5. The time now is 09:34 AM.