How to discover the IP addresses within a network with a bash script?

Install arp-scan (sudo apt-get install arp-scan) and add the following line to the script:

IPs=$(sudo arp-scan --localnet --numeric --quiet --ignoredups | grep -E '([a-f0-9]{2}:){5}[a-f0-9]{2}' | awk '{print $1}')

Now you have all the active IP addresses in the IPs variable.

Note: this will only work on a directly connected network, i.e. not accessed through a router.

PS: If you install gawk the command can be shortened to (thanks belacqua):

IPs=$(sudo arp-scan --localnet --quiet --ignoredups | gawk '/([a-f0-9]{2}:){5}[a-f0-9]{2}/ {print $1}')

This answer uses the nmap command to gather information of active hosts in the network.

Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Assuming you need to scan the 192.168.0.X range, you can try:

nmap -v -sP 192.168.0.0/24

Where 192.168.0.0 is the network address and /24 is the network mask equivalent to 255.255.255.0. Thus the above command will scan 256 hosts.

To collect the active IP addresses, one can use the following line:

IPS_UP=$(nmap -nsP 192.168.0.0/24 2>/dev/null -oG - | grep "Up$" | awk '{printf "%s ", $2}')

It actually concatenates the list of active IP addresses (filtered by grep) into a variable called IPS_UP:

• nmap is run with switches -n (no name resolution), -sP (ping scan) and -oG to output a grep processable output onto the standard output (-).
• grep filters only lines containing the word "Up" at the end of line ("$").
• awk prints the second column in the list output by nmap, which is the IP address, and appends a space.
• The $() command substitution allows the output of the chain of commands to be assigned to the IPS_UP variable.

The Network Mapper can be installed by using sudo apt-get install nmap.

Note
nmap might discover more hosts if run by a privileged user. This is because different kind of packets are sent to scan a host. By modifying the above line to read sudo nmap ... allows to run the nmap command as root.

Obviously this is a bad idea, but I gave it a try

#!/bin/bash

IP=$(ifconfig eth0 | grep Mask | cut -d ':' -f2 | cut -d " " -f1)
Mask=$(ifconfig eth0 | grep Mask | cut -d ':' -f4 | cut -d " " -f1)
IFS=.
IPArray=($IP)
MaskArray=($Mask)
NetArray=()
Start=0
Max=$(( 255 * 255 * 255 * 255 ))
for key in "${!IPArray[@]}";
do
   NetArray[$key]=$(( ${IPArray[$key]} & ${MaskArray[$key]} ))
   Start=$(( $Start + (${NetArray[$key]} << (3-$key)*8) )) 
done
IFS=
echo "Your IP Address   : $IP"
echo "Your N/W Mask     : $Mask"
echo "Your N/W Address  : ${NetArray[@]}"
echo "IPs to be Checked : $(( $Max - $Start ))"
for ((IPs=$Start; IPs <= $Max; IPs++))
do 
   IP=$(( IPs >> 24 ))
   IP="$IP.$(( (IPs >> 16) & 255 ))"
   IP="$IP.$(( (IPs >> 8) & 255 ))"
   IP="$IP.$(( IPs & 255 ))"
   $(ping -c 1 -w 1 $IP >& /dev/null)
   if [[ $? -eq 0 ]]; then
      echo "$IP exists in Network. Just $(( $Max - $IPs )) more to go."
   fi
done