Tip - Quick Method To Scan Hosts Using ping
Assuming the network you're connected to doesn't filter IPv4 broadcasts (some Wi-Fi access points with client isolation do), you can use ping and arp to perform a quick scan of your local subnet. Only hosts that answer ICMP echo requests sent to the broadcast address will show up; many systems ignore such requests by default (Linux with net.ipv4.icmp_echo_ignore_broadcasts=1, and Windows), so treat this as a fast first look rather than a complete host inventory.
For example, if your network is 192.168.1.0/24:
ping 192.168.1.255
(on Linux, ping refuses to send to a broadcast address unless you pass the -b option: ping -b 192.168.1.255)
This will return something similar to:
Thireus:~ thireus$ ping 192.168.1.255
PING 192.168.1.255 (192.168.1.255): 56 data bytes
64 bytes from 192.168.1.102: icmp_seq=0 ttl=64 time=0.087 ms
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.553 ms (DUP!)
64 bytes from 192.168.1.152: icmp_seq=0 ttl=64 time=124.870 ms (DUP!)
64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.454 ms (DUP!)
64 bytes from 192.168.1.152: icmp_seq=1 ttl=64 time=39.073 ms (DUP!)
Each (DUP!) line is simply another host answering the same sequence number, so every distinct source address in the output is a live host. The ARP traffic needed to deliver those replies populates your ARP cache, so the arp command can then be used to list the MAC addresses associated with the IPs above:
Thireus:~ thireus$ arp -a
? (192.168.1.1) at 0:14:8d:41:87:1a on en0 ifscope [ethernet]
? (192.168.1.102) at e3:7a:2b:79:55:11 on en0 ifscope [ethernet]
? (192.168.1.152) at e1:15:d6:55:34:12 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
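Note that the last entry, ff:ff:ff:ff:ff:ff for 192.168.1.255, is the broadcast address itself and not a host. The following script, an added example that is not part of the original post, turns the two manual steps into one: it extracts the unique responding IPs from the ping output and joins them against arp -a, flagging any responder that has no ARP entry (for instance because the cache entry already expired). The SAMPLE_PING and SAMPLE_ARP strings are constructed to mirror the output above (with one extra responder, 192.168.1.200, added to show the missing-entry case) so the parsing can be exercised offline; live_scan runs the real commands when the BCAST environment variable is set.

```sh
#!/bin/sh
# Added example (not from the original post): broadcast-ping the subnet, then map
# every distinct responder to its MAC address from the ARP cache.

# Constructed sample of ping output, mirroring the post's example plus one extra
# responder (192.168.1.200) that has no matching ARP entry.
SAMPLE_PING='PING 192.168.1.255 (192.168.1.255): 56 data bytes
64 bytes from 192.168.1.102: icmp_seq=0 ttl=64 time=0.087 ms
64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.553 ms (DUP!)
64 bytes from 192.168.1.152: icmp_seq=0 ttl=64 time=124.870 ms (DUP!)
64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.454 ms (DUP!)
64 bytes from 192.168.1.152: icmp_seq=1 ttl=64 time=39.073 ms (DUP!)
64 bytes from 192.168.1.200: icmp_seq=1 ttl=64 time=2.100 ms (DUP!)'

# Constructed sample of arp -a output (macOS format; the Linux format
# "host (ip) at mac [ether] on eth0" parses the same way, since the IP is
# always field 2 and the MAC field 4).
SAMPLE_ARP='? (192.168.1.1) at 0:14:8d:41:87:1a on en0 ifscope [ethernet]
? (192.168.1.102) at e3:7a:2b:79:55:11 on en0 ifscope [ethernet]
? (192.168.1.152) at e1:15:d6:55:34:12 on en0 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]'

# responders PING_OUTPUT: print each distinct replying IP once, in order of
# first appearance. (DUP!) lines are just other hosts answering the same
# sequence number, so every "bytes from" line counts.
responders() {
  printf '%s\n' "$1" \
    | sed -n 's/^[0-9]* bytes from \([0-9.]*\):.*/\1/p' \
    | awk '!seen[$0]++'
}

# mac_for IP ARP_OUTPUT: print the MAC recorded for IP in arp -a output,
# or "(no arp entry)" when the cache has nothing for it.
mac_for() {
  printf '%s\n' "$2" | awk -v ip="$1" '
    $2 == ("(" ip ")") { print $4; found = 1; exit }
    END { if (!found) print "(no arp entry)" }'
}

# scan_report PING_OUTPUT ARP_OUTPUT: one "<ip> <mac>" line per responder.
# The broadcast address never appears here because no host replies from it.
scan_report() {
  responders "$1" | while read -r ip; do
    printf '%s %s\n' "$ip" "$(mac_for "$ip" "$2")"
  done
}

# live_scan BROADCAST_ADDR: run the real commands. Linux ping needs -b to
# send to a broadcast address; macOS/BSD ping does not.
live_scan() {
  if [ "$(uname -s)" = Linux ]; then
    out=$(ping -b -c 3 "$1" 2>/dev/null || true)
  else
    out=$(ping -c 3 "$1" 2>/dev/null || true)
  fi
  scan_report "$out" "$(arp -a)"
}

# Offline demonstration on the constructed samples.
scan_report "$SAMPLE_PING" "$SAMPLE_ARP"

# Live run, e.g.: BCAST=192.168.1.255 sh scan.sh
if [ -n "${BCAST:-}" ]; then
  live_scan "$BCAST"
fi
```

Against the constructed samples the report lists 192.168.1.102, 192.168.1.1 and 192.168.1.152 with their MACs and 192.168.1.200 as "(no arp entry)". A responder with no ARP entry is worth a second look: re-run arp -a right after the ping, since cache entries age out quickly on some systems.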