Tip - Quick Method To Scan Hosts Using ping

Assuming the router you’re connected to doesn't filter any IPv4 broadcasts, you can use ping and arp to perform a quick scan of your network.

For example, if your network is 192.168.1.0/24:

ping 192.168.1.255 (on Linux, the -b option is often required to perform a ping broadcast)

Will return something similar to:

Thireus:~ thireus$ ping 192.168.1.255
 PING 192.168.1.255 (192.168.1.255): 56 data bytes
 64 bytes from 192.168.1.102: icmp_seq=0 ttl=64 time=0.087 ms
 64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.553 ms (DUP!)
 64 bytes from 192.168.1.152: icmp_seq=0 ttl=64 time=124.870 ms (DUP!)
 64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=0.065 ms
 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.454 ms (DUP!)
 64 bytes from 192.168.1.152: icmp_seq=1 ttl=64 time=39.073 ms (DUP!)

Then the arp command can be used to list all MAC adresses associated to the IPs above:

Thireus:~ thireus$ arp -a
 ? (192.168.1.1) at 0:14:8d:41:87:1a on en0 ifscope [ethernet]
 ? (192.168.1.102) at e3:7a:2b:79:55:11 on en0 ifscope [ethernet]
 ? (192.168.1.152) at e1:15:d6:55:34:12 on en0 ifscope [ethernet]
 ? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]

Related terms: