How can I list all IPs in the connected network, through Terminal preferably?

Question

Using Ubuntu 10.10 command line, how can I list all IPs connected to my home network?

Ideally, it needs to be a CLI command as I will be running it from C++.

http://askubuntu.com/questions/82480/how-to-see-all-computers-connected-to-a-network || http://serverfault.com/questions/72380/is-it-possible-to-find-a-list-of-machines-and-or-ip-addresses-connected-to-the-l — Ciro Santilli OurBigBook.com, Nov 30 '15 at 11:30
More duplicates: **1.** [Getting all IPs of devices connected to the same router](http://unix.stackexchange.com/q/163667/48683). **2.** [Display list of computers on a LAN in Linux](http://superuser.com/q/311019/210781) — Alexander Malakhov, Oct 22 '16 at 09:08
**3.** [Best method and tools for local IP scanning](http://serverfault.com/q/63233/208679) — Alexander Malakhov, Oct 22 '16 at 09:21

score 297 · Accepted Answer · edited Mar 25 '13 at 07:05

297

Check out the arp-scan command - you will probably have to install it eg:

sudo apt-get install arp-scan

http://manpages.ubuntu.com/manpages/hardy/man1/arp-scan.1.html

And to give further detail:

sudo arp-scan --interface=eth0 --localnet

Where eth0 is your device. You can find your device with:

ifconfig

edited Mar 25 '13 at 07:05

Jason Brower

103
4

answered Mar 24 '11 at 13:37

Linker3000

27,498
3
52
73

Perfect, thank you. Returns exactly the format I need. – Christopher Gwilliams Mar 24 '11 at 14:09
1

Works perfectly on OSX too! Installed with Brew, and interface was en0, rather than eth0, but works great. – nthonygreen Apr 13 '13 at 16:00
6

If your connected to your network using wifi use `wlan0` instead of `eth0`. – Neil Sep 15 '13 at 12:04
3

Can you get this to list hostnames as well as IP addresses? – user1527227 Feb 04 '14 at 18:57
2

It's worth noting that this does not use the ARP cache: it performs an actual scan. Unlike most nmap scans, this cannot cross layer 3 boundaries, which is usually what you want in this scenario. (In other words, it's limited to your subnet.) – Zenexer Sep 29 '14 at 12:26
On newer versions, it has become `p1p1` instead of `eth0` – Grammargeek Mar 25 '16 at 12:05
what is the difference comparing with nmap? – dspjm Feb 07 '17 at 00:23
On Debian Jessie, this does not work if the computer from which you are issuing the command is connected via wifi to the network. `nmap`, on the other hand, works in both cases: cable and wifi. – Federico Jun 11 '17 at 02:25
works on CentOS 7. – Jeff Oct 11 '17 at 00:24
What For windows? – pyd Nov 12 '17 at 16:11
This is not getting me any results. I just get `Starting arp-scan 1.9.5 with 256 hosts` followed immediately by `32 packets received by filter, 0 packets dropped by kernel` and no IP addresses in between as I've been reading. – m4l490n May 09 '20 at 15:01
If you're on a machine that doesn't have `ifconfig`, you could try `ip a` – Ben Nov 13 '20 at 12:25

score 139 · Answer 2 · edited Jan 22 '13 at 02:13

139

Use nmap. example: nmap -sn 10.10.10.0/24 The arp cache will only tell you those that you have tried to contact recently.

edited Jan 22 '13 at 02:13

Optimized Coder

17
5

answered Mar 24 '11 at 13:38

Keith

8,013
1
31
34

4

is 10.10.10.0 my given IP? What is 24 in this case? Thanks. – kolonel Apr 20 '15 at 07:15
6

@kolonel That's just an example. You should substitute it with your network. The 24 is "slash notation" of the subnet mask. It means use 24 bits from the left. It's equivalent to 255.255.255.0. – Keith Apr 25 '15 at 17:05
2

@Keith do you know how I'd find out my network address to use? Or is it just my IP with 0/24 at the end? – TMH Jan 25 '16 at 11:01
2

@kolonel:https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing – arkod Feb 10 '16 at 19:56
1

He is right. "arp" only shows ip addresses which we tried to contact recently. I cleared arp cache and again listed "arp -a" and found nothing. If in case anyone want to clear arp cache use this command "`ip -s -s neigh flush all`". – learner Dec 08 '19 at 14:37
Hello @Keith use `ip route` to get "slash notation" of the subnet mask. – Ankit Tiwari Dec 11 '22 at 16:06

score 26 · Answer 3 · edited Dec 28 '20 at 16:34

26

In windows this would be arp -a an equivalent of that in Linux would be arp -e.

From the man page for arp:

arp with no mode specifier will print the current content of the table.
-e : Use default Linux style output format (with fixed columns).

edited Dec 28 '20 at 16:34

Giacomo1968

53,069
19
162
212

answered Mar 24 '11 at 13:33

David

7,339
6
33
51

1

That looks like it works (may need to have a play as I am on a public network so it only seems to list all the servers on the network. – Christopher Gwilliams Mar 24 '11 at 13:37
If I am on a home network, will it just list the devices connected to my router? Thanks! – Christopher Gwilliams Mar 24 '11 at 13:37
2

That command will only list the devices in the hosts current arp cache and that will only be the ones which the host has contacted recently. – Linker3000 Mar 24 '11 at 13:38
Both work on Linux, but `arp -a` displays (all) hosts in alternative (BSD) style. Simpy running `arp` does the same as running `arp -e` beacuse that's the default. – simplegamer Sep 02 '16 at 20:48

score 22 · Answer 4 · edited Apr 09 '16 at 23:15

22

If your network is 192.168.0.0/24, make an executable file with the following code; Change the 192.168.0 to your actual network.

#!/bin/bash
for ip in 192.168.0.{1..254}; do
  ping -c 1 -W 1 $ip | grep "64 bytes" &
done

edited Apr 09 '16 at 23:15

Giacomo1968

53,069
19
162
212

answered May 17 '13 at 18:45

Anders Larsson

221
2
2

Hi Anders... The user's network might not be 192.168.0.0/24; I made a note. The site's formatting did not like a bare #!, and so clobbered the formatting of the code snippet: when entering code, use the blockquote or preformatted text buttons, and review your answer for proper formatting before submitting it, as carriage returns, tabs, and spaces might have been stripped. – Nevin Williams May 17 '13 at 19:34
As well, when supplying a script that needs to be put into a file and made executable, rather than simply cut & pasted, it's probably best that you specify this; it may not be obvious to some what all is required to implement your solution. – Nevin Williams May 17 '13 at 19:37
15

Technically, this will only return hosts that respond to ping. There may be hosts that are connected, but not replying to ICMP echo requests. As well, one can broadcast one packet to an entire network by specifying the broadcast address, which is the last address in the IP network: ping -c 1 -W 1 192.168.0.255 would accomplish the same as the for loop. – Nevin Williams May 17 '13 at 19:45
2

@NevinWilliams (required -b, removed -W to wait more) `ping -b -c 1 192.168.0.255` result "1 packets transmitted, 0 received, 100% packet loss, time 0ms" – Aquarius Power Oct 31 '16 at 21:17

squirl · Answer 5 · 2016-04-09T22:58:37.097

17

Try installing nmap (sudo apt-get install nmap) and type nmap 192.168.1.0/24 substituting 192.168.1 with the first three parts of your ip address (find out using ip addr).

You can also get a slightly less accurate (in my experience) map of a network by running ping 192.168.1.255 (again substituting 192.168.1), which should issue a ping to every machine on the network, but, in my experience, does not always function correctly.

edited Apr 09 '16 at 22:58

answered Sep 08 '13 at 18:56

squirl

281
2
8

Actually, none of the answers will always work correctly. IP wasn't designed with this requirement in mind, and there are things like Private VLANs which make it impossible to find any other hosts on the same LAN. – Ron Maupin Apr 09 '16 at 23:22

Alexander Malakhov · Answer 6 · 2016-10-22T09:09:47.757

7

For a more compact list of connected devices:

nmap -sL 192.168.0.* | grep \(1

Explanation.

nmap -sL 192.168.0.* will list all IPs in subnetwork and mark those, that have name:

Nmap scan report for 192.168.0.0
Nmap scan report for Dlink-Router.Dlink (192.168.0.1)
Nmap scan report for 192.168.0.2
...
Nmap scan report for android-473e80f183648322.Dlink (192.168.0.53)
...
Nmap scan report for 192.168.0.255

As all interesting records start with parenthesis ( and digit 1, we filter for that with | grep \(1 (backslash is needed to escape parenthesis)

Quirk
Beware that if two devices have the same name, nmap will show only the one, that was connected to router last

edited Oct 22 '16 at 09:09

answered Oct 20 '16 at 10:32

Alexander Malakhov

195
3
6

If the you have the exact same answer for two questions then it may be worth considering flagging the questions as duplicate rather than posting duplicate answers. That way knowledge can be shared as similar questions get linked together. – Mokubai Oct 22 '16 at 07:02
1

@Mokubai You are right, I've add comment to the OP. This shows an interesting problem. A *quick* search discovered 6 duplicates (this Q and 5 links) across 4 network sites (SU, Ask Ubuntu, SF, Unix). Sure there are much more! How do I handle this ? Ideally, each of these 6 posts should link to 5 others. Adding all these links by hand clearly doesn't scale. So, for now I've linked to this post (most upvoted). Another problem is that it's impossible to mark Q on AskUbuntu as a duplicate of the Q on SU. Hm... Probably, this was already discussed on the meta ? – Alexander Malakhov Oct 22 '16 at 09:35
doesn't work for me on Centos 7, just lists every possible IP address in the network with no names. arp-scan worked for me. – Jeff Oct 11 '17 at 00:20

score 4 · Answer 7 · edited Apr 21 '17 at 16:08

4

Came up with the following on a nexus using tmux as arp-scan isn't in the repo but nmap came pre-installed, displays just the ip addresses:

nmap -sn 192.168.1.1-254/24 | egrep "scan report" | awk '{print $5}'

edited Apr 21 '17 at 16:08

Philip Kirkbride

504
2
5
20

answered Oct 30 '16 at 20:33

zentek

41
1

score 1 · Answer 8 · answered Jul 06 '18 at 10:04

Ellaborating on Anders Larrson's answer -

#!/bin/bash
function scan ()
{
    for ip in $1.{1..254}; do
        ping -c 1 -W 1 $ip &
    done | sed -nE 's:^.* from ([0-9.]+).*time=(.*s)$:\1 (\2):p'
}

if [ $1 ]; then
    for baseip; do
        scan $baseip
    done
else
    scan 192.168.1
fi

le_top · Answer 9 · 2021-08-18T13:42:37.760

This Answer determines the subnet by itself while in the other answers you need to provide it.

The script uses arp -a or ip -o -f inet addr show to find the subnet.

I've build the script elaborating on @anders-larsson and @mathieu-caroff 's answers. I avoid the use of 'nmap', but the script is easily amended to use nmap.

Basically, $baseip is built using bash replacement macros in the second part of the script if no parameter is provided on the command line. Otherwise it will scan the provided subnet (style: 192.1.5 without the third dot last byte of the IP).

#!/bin/bash
function scan ()
{
    for ip in $1.{1..254}; do
        ping -c 1 -W 1 $ip &
    done | sed -nE 's:^.* from ([0-9.]+).*time=(.*s)$:\1 (\2):p'
    wait
}

if [ $1 ]; then
    for baseip; do
        scan $baseip
    done
else
    baseip=$(arp -a) && baseip=${baseip%%\)*} && baseip=${baseip##*\(}
    if [ $baseip"" == "" ] ; then
      baseip=$(ip -o -f inet addr show|grep "scope global") && baseip=${baseip##* inet} && baseip=${baseip%%/*}
    fi
    baseip=${baseip%.*}
    scan $baseip 
fi

score 0 · Answer 10 · answered Mar 24 '21 at 16:57

0

Here another solutions in terminal:

nmap -sn 192.168.1.0/24

(if your router ip is starting with 192.168.1._ )

or

ip n

or

ip -r n

answered Mar 24 '21 at 16:57

PAPPL

1
2

How can I list all IPs in the connected network, through Terminal preferably?

10 Answers10

Linked