I am trying to find a reliable way to view all of the host/machine names on a local network, so for instance "Jim's Ipad" or "Austi's IMac". At the moment the only way I can do it is by looking through the DHCP request logs, which usually show the names, although I was wondering if there was a way to simply list all of the names on a network at once? I've tried nmap -sP 192.168.1.*, which only seemed to give the manufacturer of the machines instead of the actual machine/domain name:
MAC Address: 00:1D:BA:40:14:31 (Sony)
Host 192.168.1.109 is up (0.00073s latency).
MAC Address: 00:50:94:C8:1C:02 (Pace Micro Technology PLC)
Host 192.168.1.111 is up (0.00011s latency).
MAC Address: 00:24:8C:EA:F0:7D (Asustek Computer)
Host 192.168.1.112 is up (0.0054s latency).
MAC Address: 00:18:71:5C:D2:BA (Hewlett Packard)
Host 192.168.1.117 is up (0.0049s latency).
I've also tried nmap -sL 192.168.1.*, which does not seem to work at all; it just lists all of the IPs and says they are not scanned, no additional information or anything of the sort. I am running these commands from a Debian server that is acting as a router/gateway for the network. Any help would be much appreciated, thanks!
If you aren't running dynamic DNS or if all of your machines don't have a DNS entry, your DHCP database is probably as good a list as you are going to get. NMAP will not resolve hostnames without reverse DNS, AFAIK. Other scanners, like Angry IP scanner, might pick up the Windows/CIFS hostnames with NetBIOS queries.
For a quick netbios scan just use nbtscan with
nbtscan 192.168.1.0/24
This only works if you have only netbios-enabled devices (usually windows) on your network.
For paranoid (but somewhat slower) host discovery you can do an advanced (-A) nmap scan to all ports (-p-) of your network's nodes with
nmap -p- -PN -A 192.168.1.0/24
If you control the router you can also inspect the arp tables, which is the surest way for discovery to get a list of active nodes on your network.
You can use dnsmasq as a caching DNS server instead of bind. It also has a built-in DHCP server. When dnsmasq grants the lease, it stores the hostname so you are able to look it up with host or nslookup. To retrieve the full list of hosts just
cat /var/lib/dnsmasq/dnsmasq.leases
It shows all actual IP address leases and hostnames.
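The ARP-table and dnsmasq-lease approaches from the answers above can be combined into one listing of active hosts with their names. This is an added example, not code from any of the posters; it assumes the dnsmasq lease layout (expiry, MAC, IP, hostname, client-id per line) and the Linux /proc/net/arp layout, and the function name list_named_hosts is made up for illustration.

```shell
#!/bin/sh
# Added example: label every host in the kernel ARP table with the
# hostname it sent to dnsmasq, matching on MAC address.
# Usage: list_named_hosts [LEASE_FILE] [ARP_FILE]
# Defaults: the lease path given in the answer above, and /proc/net/arp.
# Note: DHCP hostnames are chosen by the client, so treat them as
# unverified labels, not as proof of which device is on the wire.
list_named_hosts() {
    leases=${1:-/var/lib/dnsmasq/dnsmasq.leases}
    arp=${2:-/proc/net/arp}
    awk '
        # --- lease file: expiry  mac  ip  hostname  client-id ---
        FILENAME == ARGV[1] {
            if ($1 == "duid") next          # DHCPv6 server DUID line
            if (NF >= 4)
                name[tolower($2)] = ($4 == "*") ? "(no name sent)" : $4
            next
        }
        # --- ARP table: ip  hwtype  flags  mac  mask  device ---
        FNR == 1    { next }                # column header
        $3 == "0x0" { next }                # incomplete entry, no reply seen
        {
            mac = tolower($4)
            label = (mac in name) ? name[mac] : "(no lease)"
            printf "%s\t%s\t%s\n", $1, mac, label
        }
    ' "$leases" "$arp"
}
```

Hosts marked "(no lease)" answered ARP but never took an address from dnsmasq, for example statically configured machines, so they are the entries to check by hand.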