Find Local Devices Dhcp
Find Local Devices on your Network#
-
Find your ip on the network
en0: flags=8863
mtu 1500 ether a8:66:7f:11:12:08 inet6 fe80::aa66:7fff:fe11:1208%en0 prefixlen 64 duplicated scopeid 0x4 inet 192.168.0.103 netmask 0xffffff00 broadcast 192.168.0.255 nd6 options=1 media: autoselect status: active
In this case it is 192.168.0.103
I think the netmask ffffff00
means 255.255.255.0
So our range is 192.168.0.0 - 192.168.0.255
So that is 256
ip addresses which means a /24
subnet
-
Use
nmap
to find devices$ nmap -sn 192.168.0.0/24
Starting Nmap 7.40 ( https://nmap.org ) at 2019-07-27 19:49 SAST Nmap scan report for 192.168.0.1 Host is up (0.0017s latency). Nmap scan report for 192.168.0.100 Host is up (0.016s latency). Nmap scan report for 192.168.0.103 Host is up (0.0028s latency). Nmap scan report for 192.168.0.104 Host is up (0.076s latency). Nmap scan report for 192.168.0.105 Host is up (0.076s latency). Nmap scan report for 192.168.0.107 Host is up (0.077s latency). Nmap scan report for 192.168.0.114 Host is up (0.073s latency). Nmap done: 256 IP addresses (7 hosts up) scanned in 2.97 seconds
-sn
means (No port scan)
-sn (No port scan)
This option tells Nmap not to do a port scan after host discovery, and only print out the available hosts that responded to the host discovery
probes. This is often known as a "ping scan", but you can also request that traceroute and NSE host scripts be run. This is by default one step
more intrusive than the list scan, and can often be used for the same purposes. It allows light reconnaissance of a target network without
attracting much attention. Knowing how many hosts are up is more valuable to attackers than the list provided by list scan of every single IP
and host name.
Systems administrators often find this option valuable as well. It can easily be used to count available machines on a network or monitor server
availability. This is often called a ping sweep, and is more reliable than pinging the broadcast address because many hosts do not reply to
broadcast queries.
The default host discovery done with -sn consists of an ICMP echo request, TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp
request by default. When executed by an unprivileged user, only SYN packets are sent (using a connect call) to ports 80 and 443 on the target.
When a privileged user tries to scan targets on a local ethernet network, ARP requests are used unless --send-ip was specified. The -sn option
can be combined with any of the discovery probe types (the -P* options, excluding -Pn) for greater flexibility. If any of those probe type and
port number options are used, the default probes are overridden. When strict firewalls are in place between the source host running Nmap and the
target network, using those advanced techniques is recommended. Otherwise hosts could be missed when the firewall drops probes or their
responses.