Re: [SLUG] Unknown command

From: Ian C. Blenke (ian@blenke.com)
Date: Sun Nov 06 2005 - 22:29:55 EST


Paul M Foster wrote:
> Anyone know of a command that will cause other machines on a subnet to
> echo back their IPs and names? Obviously, this wouldn't work if you had
> to know the names of the machines first. So it would have to be like a
> broadcast command that used ICMP or something to cause others to answer.
> Anyone know of such a beast? Seems like I should know this, but I don't.
>
The best command for this is really nmap:

    # nmap -sP 192.168.1.1-254

If you don't use "-n", the DNS for the IPs will be resolved back into
their names (if the IPs have in-addr.arpa entries on your nameserver).

On any box, you should be able to see the recently cached ARP entries:

    arp -a

Again, if you don't include "-n", the DNS for the IPs will be resolved
back into their names (if the IPs have in-addr.arpa entries on your
nameserver).

Finding the "names" of the machines on the segment requires something
beyond ARP or any kind of ICMP or UDP echo query.

On a "pure" IP segment, you can find machine names using:
- SMB over IP NetBIOS naming requests (see below)
- an authoritative in-addr.arpa DNS nameserver for your network segment
(via dynamic or static assignment)
- sniffing DHCP leases
- a naming service like rwhod (not really used by anyone anymore)
- watching SLP announcements and other zero-conf broadcasts (à la
"bonjour", previously "rendezvous")

On a Windows box, you can use "nbtstat" to display the local b-node
broadcasts currently cached by your Windows box. This requires that all
boxes on the segment are running something like Samba "nmbd", or Windows
file and print services:

    c:\> nbtstat -c

The equivalent command under Linux is nmblookup, though nmbd would need
to be configured to keep a list of the local b-node broadcasts (if
acting as a WINS server). You can also loop through the IPs and use
nmblookup on each IP to ask a machine for its name (p-node):

    # "-c 1 -W 1": send one probe and give up after a second, so ping returns instead of running forever
    # for digit in `seq 1 254`; do if ping -c 1 -W 1 192.168.1.$digit &> /dev/null; then nmblookup -A 192.168.1.$digit; fi; done

So, to sum up: nmap is the first tool I use when mapping a segment.
NetBIOS over IP b-node broadcasts are the second. DHCP leases are the
third. You can loop through each host and do a p-node lookup using
nmblookup (or nbtstat under Windows). Beyond this, you'll need to sniff
the segment and see if any other messages appear that contain the hostname.

Hope this helps.

 - Ian C. Blenke <ian@blenke.com> http://ian.blenke.com/
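The sweep Ian describes (nmap to find live hosts, then reverse DNS and an nmblookup -A node-status query per host) put together as one script. This is an added example, not code from the original post; it assumes nmap, Samba's nmblookup and the host utility are installed, and the embedded nmblookup output is a constructed sample so the parsing part can be exercised with no network at all.

```shell
#!/bin/sh
# Added example, not from the original post: sweep a subnet with nmap, then
# try to put a name on every live host via reverse DNS and a NetBIOS node
# status query (nmblookup -A, the "p-node" lookup described in the post).
# Assumes nmap, nmblookup (Samba) and host (BIND utilities) are installed.

# Pull the machine name out of `nmblookup -A` output: the <00> entry that is
# NOT flagged <GROUP>. Reads the status listing on stdin, prints the name.
nbt_name() {
    awk '$2 == "<00>" && $4 != "<GROUP>" { print $1; exit }'
}

# Same idea for the workgroup/domain: the <00> entry that IS flagged <GROUP>.
nbt_group() {
    awk '$2 == "<00>" && $4 == "<GROUP>" { print $1; exit }'
}

# Reverse-DNS one address; prints the PTR target, or "-" when there is none.
rdns() {
    ptr=$(host "$1" 2>/dev/null | awk '/domain name pointer/ { print $NF; exit }')
    printf '%s\n' "${ptr:--}"
}

# Live hosts in a subnet as bare IPs. -sn is the current spelling of the
# post's -sP (ping sweep, no port scan); -n keeps nmap from resolving names
# itself so the output format stays predictable.
live_hosts() {
    nmap -n -sn "$1" 2>/dev/null | awk '/^Nmap scan report for/ { print $NF }'
}

# One row per live host: IP, PTR name, NetBIOS name, workgroup.
sweep() {
    printf '%-15s %-30s %-16s %s\n' IP PTR NETBIOS WORKGROUP
    live_hosts "$1" | while read -r ip; do
        status=$(nmblookup -A "$ip" 2>/dev/null)
        printf '%-15s %-30s %-16s %s\n' "$ip" "$(rdns "$ip")" \
            "$(printf '%s\n' "$status" | nbt_name)" \
            "$(printf '%s\n' "$status" | nbt_group)"
    done
}

# Constructed sample of `nmblookup -A 192.168.1.10` output (not captured from
# a real host), so the parsers above can be checked offline.
SAMPLE_NBT='Looking up status of 192.168.1.10
	FILESRV01       <00> -         B <ACTIVE>
	WORKGROUP       <00> - <GROUP> B <ACTIVE>
	FILESRV01       <20> -         B <ACTIVE>
	WORKGROUP       <1e> - <GROUP> B <ACTIVE>

	MAC Address = 00-00-00-00-00-00'

if [ $# -gt 0 ]; then
    sweep "$1"                       # e.g. ./namesweep.sh 192.168.1.0/24
else
    printf 'sample: NetBIOS name %s, workgroup %s\n' \
        "$(printf '%s\n' "$SAMPLE_NBT" | nbt_name)" \
        "$(printf '%s\n' "$SAMPLE_NBT" | nbt_group)"
fi
```

Run it with a CIDR or range argument to sweep for real (it needs root for nmap's ARP/ICMP probes on most systems); with no argument it only runs the parsers over the constructed sample. A host that answers ping but not NetBIOS simply shows an empty NETBIOS column, which is itself useful: it tells you which boxes on the segment are not running SMB file and print services at all.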

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:50:36 EDT