How do I find a machine in the LAN?

unfa · 10-27-2017, 12:38 PM

Here's a little noob story and an elaborate question.

I've got a LAN network at my workplace with about 30 nodes, two of which I currently operate.

The main machine I use is a desktop, but the second one is headless right now, so I wanted to be able to access it via SSH and VNC to not have to plug my only mouse and keyboard from one to the other all the time.

I managed to get SSH and VNC working, but if I reboot the machine and it gets a different IP address from the router I might now be able to find it.

I tried finding it by hostname, but arp doens't show any hostnames I thought devices advertise their hostnames somehow - maybe I'm wrong?

I was able to use nmap -O to discover Linux machines among the whole bunch, but that scan takes about 75 minutes on that network - not practical to do every time I want to log into SSH.

I've figured out that if I write down the MAC address of my remote machine I will be able to find it's IP:

Code:

arp | grep "ff:ff:ff:ff:ff:ff" | cut -d' ' -f1

That was after I manually checked the IP on the remote headless machine (oh the cables!) and had a working SSH and VNC connections. Haven't I did that - arp would probably not help me find that machine, would it?

I'd like to be able to find that machine on the network easily, that's probably very simple to do, but I can't figure it out.

I've realized that probably only IPs listed in /etc/hosts will be displayed in arp output, and that machines don't tell their hostnames to strangers, even on a local network.

Also - I guess using nmap is a last resort and if it were such a basic tool, it'd be installed on most Linux distributions by default.

I'm running Linux Mint 18.2 on both machines.

273 · 10-27-2017, 12:49 PM

Why not just give it a fixed IP address in the first place? In my experience even without that most leases are long enough that a simple reboot ought not to change the IP address. What's the layout of the network?

TB0ne · 10-27-2017, 01:06 PM

Quote:

Originally Posted by unfa

Here's a little noob story and an elaborate question.

I've got a LAN network at my workplace with about 30 nodes, two of which I currently operate. The main machine I use is a desktop, but the second one is headless right now, so I wanted to be able to access it via SSH and VNC to not have to plug my only mouse and keyboard from one to the other all the time. I managed to get SSH and VNC working, but if I reboot the machine and it gets a different IP address from the router I might now be able to find it. I tried finding it by hostname, but arp doens't show any hostnames I thought devices advertise their hostnames somehow - maybe I'm wrong?

I was able to use nmap -O to discover Linux machines among the whole bunch, but that scan takes about 75 minutes on that network - not practical to do every time I want to log into SSH. I've figured out that if I write down the MAC address of my remote machine I will be able to find it's IP:

Code:

arp | grep "ff:ff:ff:ff:ff:ff" | cut -d' ' -f1

That was after I manually checked the IP on the remote headless machine (oh the cables!) and had a working SSH and VNC connections. Haven't I did that - arp would probably not help me find that machine, would it? I'd like to be able to find that machine on the network easily, that's probably very simple to do, but I can't figure it out.

I've realized that probably only IPs listed in /etc/hosts will be displayed in arp output, and that machines don't tell their hostnames to strangers, even on a local network. Also - I guess using nmap is a last resort and if it were such a basic tool, it'd be installed on most Linux distributions by default. I'm running Linux Mint 18.2 on both machines.

The first thing I'd suggest would be to give your second machine a static IP address and if you can't do that, see if you can get a DHCP reservation (essentially, a static address that's automatically assigned). Those are the easiest options.

And yes, the arp command will work, try this:

Code:

arp -n | grep -i aa:bb:cc:dd:ee:ff

...instead. Note that if your lease expires, your ARP tables may take a short while to rebuild with the new entry, pointing to the right MAC address.

frankbell · 10-27-2017, 09:08 PM

I would recommend nmap. Do a web search for "nmap tutorial" or see man nmap

jlinkels · 10-28-2017, 10:15 AM

nmap can give you the OS, but it does not give you the host name.

A fast tool to discover active IP addresses is fping which gives you all the active IP addresses. After that, the arp cache contains the MAC addresses of pinged machines and you can recognize your MAC address.

But it is still a workaround. Give that machine a fixed IP. Either by adding a reservation in the DHCP server, or assigning a unique address outside the DHCP address pool.

Another option (less known I think) is that virtually every Linux installation now supports IPv6. Since this is your local network you don't relay on external routers. Your host will have a unique, fixed IPv6 link local address.

jlinkels

Jackpot · 10-28-2017, 02:35 PM

This is the simplest way of performing host discovery is with nmap.

# nmap -sP 192.168.X.X/24

Another option is to install the Fing app on your phone. I love this app and use it on every network I connect to... Once intalled, just connect to your network and perform a discovery. Will show you every machine on that network and has the ability to save info for multiple networks. Just a thought

I would set a static ip down the line though to make shit easier for yourself

jlinkels · 10-28-2017, 07:38 PM

Quote:

Originally Posted by Jackpot

the Fing app

fping as I posted in the thread before...

jlinkels

Turbocapitalist · 10-29-2017, 01:20 AM

Quote:

Originally Posted by Jackpot

This is the simplest way of performing host discovery is with nmap.

# nmap -sP 192.168.X.X/24

Though setting a static IP address is the easiest, and best, way forward, nmap is really very useful to know. I'd say do both but only begin with nmap after setting the fixed IP.

Since the search is for SSH servers, the usual way would be to check port 22:

Code:

nmap -sT -p 22 -T 4 192.168.x.x/24

However, it really is one of those programs that is too complex for it to be practical to learn all the setting in advance. So instead mastery of navigating the manual page is necessary:

Code:

man nmap

Fortunately it is one of the well-written manual pages.

For what it is worth there is also a specialized tool, scanssh, which can scan for both SSH servers and SOCKS proxies.

Code:

scanssh -n 22 -s ssh 192.168.x.x/24

TB0ne · 10-30-2017, 07:21 AM

Quote:

Originally Posted by Turbocapitalist

Though setting a static IP address is the easiest, and best, way forward, nmap is really very useful to know. I'd say do both but only begin with nmap after setting the fixed IP. Since the search is for SSH servers, the usual way would be to check port 22:

Code:

nmap -sT -p 22 -T 4 192.168.x.x/24

However, it really is one of those programs that is too complex for it to be practical to learn all the setting in advance. So instead mastery of navigating the manual page is necessary:

Code:

man nmap

Fortunately it is one of the well-written manual pages. For what it is worth there is also a specialized tool, scanssh, which can scan for both SSH servers and SOCKS proxies.

Code:

scanssh -n 22 -s ssh 192.168.x.x/24

Nice one. Used nmap before, but scanssh is a new one for me, thanks.

Turbocapitalist · 10-30-2017, 08:14 AM

Quote:

Originally Posted by TB0ne

Nice one. Used nmap before, but scanssh is a new one for me, thanks.

No problem. Here are some old links about it: