LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   How do I find a machine in the LAN? (https://www.linuxquestions.org/questions/linux-networking-3/how-do-i-find-a-machine-in-the-lan-4175616507/)

unfa 10-27-2017 12:38 PM
How do I find a machine in the LAN?
 
Here's a little noob story and an elaborate question.

I've got a LAN network at my workplace with about 30 nodes, two of which I currently operate.

The main machine I use is a desktop, but the second one is headless right now, so I wanted to be able to access it via SSH and VNC to not have to plug my only mouse and keyboard from one to the other all the time.

I managed to get SSH and VNC working, but if I reboot the machine and it gets a different IP address from the router I might now be able to find it.

I tried finding it by hostname, but arp doens't show any hostnames I thought devices advertise their hostnames somehow - maybe I'm wrong?

I was able to use nmap -O to discover Linux machines among the whole bunch, but that scan takes about 75 minutes on that network - not practical to do every time I want to log into SSH.

I've figured out that if I write down the MAC address of my remote machine I will be able to find it's IP:
Code:
arp | grep "ff:ff:ff:ff:ff:ff" | cut -d' ' -f1
That was after I manually checked the IP on the remote headless machine (oh the cables!) and had a working SSH and VNC connections. Haven't I did that - arp would probably not help me find that machine, would it?

I'd like to be able to find that machine on the network easily, that's probably very simple to do, but I can't figure it out.

I've realized that probably only IPs listed in /etc/hosts will be displayed in arp output, and that machines don't tell their hostnames to strangers, even on a local network.

Also - I guess using nmap is a last resort and if it were such a basic tool, it'd be installed on most Linux distributions by default.

I'm running Linux Mint 18.2 on both machines.

273 10-27-2017 12:49 PM
Why not just give it a fixed IP address in the first place? In my experience even without that most leases are long enough that a simple reboot ought not to change the IP address. What's the layout of the network?

TB0ne 10-27-2017 01:06 PM
Quote:
Originally Posted by unfa (Post 5774467)
Here's a little noob story and an elaborate question.

I've got a LAN network at my workplace with about 30 nodes, two of which I currently operate. The main machine I use is a desktop, but the second one is headless right now, so I wanted to be able to access it via SSH and VNC to not have to plug my only mouse and keyboard from one to the other all the time. I managed to get SSH and VNC working, but if I reboot the machine and it gets a different IP address from the router I might now be able to find it. I tried finding it by hostname, but arp doens't show any hostnames I thought devices advertise their hostnames somehow - maybe I'm wrong?

I was able to use nmap -O to discover Linux machines among the whole bunch, but that scan takes about 75 minutes on that network - not practical to do every time I want to log into SSH. I've figured out that if I write down the MAC address of my remote machine I will be able to find it's IP:
Code:
arp | grep "ff:ff:ff:ff:ff:ff" | cut -d' ' -f1
That was after I manually checked the IP on the remote headless machine (oh the cables!) and had a working SSH and VNC connections. Haven't I did that - arp would probably not help me find that machine, would it? I'd like to be able to find that machine on the network easily, that's probably very simple to do, but I can't figure it out.

I've realized that probably only IPs listed in /etc/hosts will be displayed in arp output, and that machines don't tell their hostnames to strangers, even on a local network. Also - I guess using nmap is a last resort and if it were such a basic tool, it'd be installed on most Linux distributions by default. I'm running Linux Mint 18.2 on both machines.
The first thing I'd suggest would be to give your second machine a static IP address and if you can't do that, see if you can get a DHCP reservation (essentially, a static address that's automatically assigned). Those are the easiest options.

And yes, the arp command will work, try this:
Code:
arp -n | grep -i aa:bb:cc:dd:ee:ff
...instead. Note that if your lease expires, your ARP tables may take a short while to rebuild with the new entry, pointing to the right MAC address.

frankbell 10-27-2017 09:08 PM
I would recommend nmap. Do a web search for "nmap tutorial" or see man nmap

jlinkels 10-28-2017 10:15 AM
nmap can give you the OS, but it does not give you the host name.

A fast tool to discover active IP addresses is fping which gives you all the active IP addresses. After that, the arp cache contains the MAC addresses of pinged machines and you can recognize your MAC address.

But it is still a workaround. Give that machine a fixed IP. Either by adding a reservation in the DHCP server, or assigning a unique address outside the DHCP address pool.

Another option (less known I think) is that virtually every Linux installation now supports IPv6. Since this is your local network you don't relay on external routers. Your host will have a unique, fixed IPv6 link local address.

jlinkels

Jackpot 10-28-2017 02:35 PM
This is the simplest way of performing host discovery is with nmap.

# nmap -sP 192.168.X.X/24



Another option is to install the Fing app on your phone. I love this app and use it on every network I connect to... Once intalled, just connect to your network and perform a discovery. Will show you every machine on that network and has the ability to save info for multiple networks. Just a thought

I would set a static ip down the line though to make shit easier for yourself

jlinkels 10-28-2017 07:38 PM
Quote:
Originally Posted by Jackpot (Post 5774788)
the Fing app
fping as I posted in the thread before...

jlinkels

Turbocapitalist 10-29-2017 01:20 AM
Quote:
Originally Posted by Jackpot (Post 5774788)
This is the simplest way of performing host discovery is with nmap.

# nmap -sP 192.168.X.X/24
Though setting a static IP address is the easiest, and best, way forward, nmap is really very useful to know. I'd say do both but only begin with nmap after setting the fixed IP.

Since the search is for SSH servers, the usual way would be to check port 22:

Code:
nmap -sT -p 22 -T 4 192.168.x.x/24
However, it really is one of those programs that is too complex for it to be practical to learn all the setting in advance. So instead mastery of navigating the manual page is necessary:

Code:
man nmap
Fortunately it is one of the well-written manual pages.

For what it is worth there is also a specialized tool, scanssh, which can scan for both SSH servers and SOCKS proxies.

Code:
scanssh -n 22 -s ssh 192.168.x.x/24

TB0ne 10-30-2017 07:21 AM
Quote:
Originally Posted by Turbocapitalist (Post 5774866)
Though setting a static IP address is the easiest, and best, way forward, nmap is really very useful to know. I'd say do both but only begin with nmap after setting the fixed IP. Since the search is for SSH servers, the usual way would be to check port 22:
Code:
nmap -sT -p 22 -T 4 192.168.x.x/24
However, it really is one of those programs that is too complex for it to be practical to learn all the setting in advance. So instead mastery of navigating the manual page is necessary:
Code:
man nmap
Fortunately it is one of the well-written manual pages. For what it is worth there is also a specialized tool, scanssh, which can scan for both SSH servers and SOCKS proxies.
Code:
scanssh -n 22 -s ssh 192.168.x.x/24
Nice one. Used nmap before, but scanssh is a new one for me, thanks.

Turbocapitalist 10-30-2017 08:14 AM
Quote:
Originally Posted by TB0ne (Post 5775209)
Nice one. Used nmap before, but scanssh is a new one for me, thanks.
No problem. Here are some old links about it:


All times are GMT -5. The time now is 04:37 AM.