LAN computer detection

[user0182]

i do have some experience with NMAP and it is an awesome tool, i know that to detect all machines on a LAN one would have to scan the whole subnet. but i don't know how to scan the subnet for just machines, and not ports on those machines.

can one use NMAP to just scan for machines, and not ports, and if so how?


thanks for your help,

- user0182

[brokencrow]

I like null scans for a quick peek at a network.

nmap -sN -P0 192.168.1.0/24

Make sure the ip address matches your LAN's. The results will look like this:
---------------------------------------------------------
C:\Users\brokencrow>nmap -sN -P0 192.168.1.0/24

Starting Nmap 4.68 ( http://nmap.org ) at 2008-08-20 20:12 Eastern Daylight Time

All 1715 scanned ports on 192.168.1.1 are open|filtered
MAC Address: 00:1B:2F:4D:C0:7E (Netgear)

Skipping NULL Scan against 192.168.1.2 because Windows does not support scanning
your own machine (localhost) this way.
0 ports scanned on 192.168.1.2

All 1715 scanned ports on 192.168.1.3 are closed
MAC Address: 00:03:94:0A:84:F2 (Connect One)

All 1715 scanned ports on 192.168.1.7 are closed
MAC Address: 00:1A:4D:7C:6B7 (Giga-byte Technology Co.)

All 1715 scanned ports on 192.168.1.18 are open|filtered
MAC Address: 00:13:20:8F:E3:5E (Intel Corporate)

All 1715 scanned ports on 192.168.1.61 are open|filtered
MAC Address: 00:1F:29:37:48:5B (Hewlett Packard)

All 1715 scanned ports on 192.168.1.62 are closed
MAC Address: 00:A0:A4:13:21:62 (Micros Systems)

All 1715 scanned ports on 192.168.1.63 are closed
MAC Address: 00:A0:A4:13:26:A3 (Micros Systems)

Nmap done: 256 IP addresses (8 hosts up) scanned in 50.947 seconds
----------------------------------------------------------------

Make sure to check out PsInfo, part of the PsTools pkg, for a very handy network tool, too.

[Negative]

using Windows one can view the machines on a LAN in a GUI (Start->Network->Network and Sharing Center->View computers and devices) so i would have assumed that there would also be a command (unless the GUI only shows the same details as the "Net View" command).

Just a quick remark here: the Network Map uses LLTD (Link Layer Topology Discovery), which doesn't come with Windows XP (and you mentioned that you have some XP computers in your network). In order for the Network Map to also show XP computers, you'll need to install an LLTD Responder on those computers.

[Ignatius]

Net view is half the answer, we are getting somewhere Now is there a switch you can add to net view to display Ip addresses and not just computer names.

Care to elaborate? I've done some searching and, on my XP Pro, Net View /? yields:

NET VIEW
[\\computername [/CACHE] | /DOMAIN[:domainname]]
NET VIEW /NETWORK:NW [\\computername]

so I'm not sure what switch to add to Net View.

I realise there have been several posts with other recommendations.

[user0182]

hey Ignatius,

i'll try to elaborate, but i not sure about all of this as i'm not in a position to play around with it at the moment.

although, i think the basics are, that the command "net view" typed at the MS DOS Prompt should provide you with a list of the names of all computers on your LAN with shared resources. then the command "net view [computer_name]" should give you a list of shared resources on the specified computer.

i suspect that the limitations of this command are that it only list computer names not IP addresses and that it only shows shared resources on other MS Windows machines. but, as i said i am not currently able to test this, maybe you could test this for me.


regards,

- user0182

[Ignatius]

I realise that net view generates a list of computer names. I've tried to create a batch file which strips out the extraneous rubbish (I've done that by net view |find "\\") and sending that to a text file (which I'd then step through and ping using a for loop) but it's not possible ping a computer name which starts with \\. I don't think it's possible to search and replace using batch so I can't get rid of the \\ automatically.

I'm not aware of a switch for net view to return IP addresses, rather than computer names, so I'm intrigued by Cider's comment.

[Cider]

Hey there

Well actually I do not know myself - I was hoping you guys would know

[Ignatius]

Well actually I do not know myself - I was hoping you guys would know

There isn't such a switch.

[Negative]

I don't think it's possible to search and replace using batch so I can't get rid of the \\ automatically.

http://www.dostips.com/DtCodeBatchFi...FindAndReplace

[Ignatius]

http://www.dostips.com/DtCodeBatchFi...FindAndReplace

Hey Negative, that's brilliant! I've seen comments several times (elsewhere) that it's not possible to search and replace using batch but clearly it is.

The technique that I'm trying now is:

1. net view |find "\\" > list.txt

then

2. BatchSubstitute.bat \\ "" > list2.txt

my next step will be to use list2.txt in a for loop to step through and ping the "pure" computer names then I guess the arp table can be interrogated (again, via batch) to return the LAN computers IP addresses.