4

Possible Duplicate:
How to find unused IP Address on a network?

Currently I am using nmap, which scans the range of IPs that my DHCP server assigns to hosts. However, this is a) slow and b) sometimes nmap doesn't discover all hosts. Laptops that are connected wirelessly sometimes aren't counted.

I tried almost all possible nmap scan techniques like:

sP, sS, sT, sW, sM etc... they all miss out the laptops sometimes although I can ping them at any time.

I am looking for an efficient way to accomplish this without missing out some hosts. My router is a Linksys WRT54GL and I am using the latest Tomato firmware.

imbaer
  • `sudo nmap -sP -PR 192.168.0.*` should return all IPs from the 192.168.0.0 network no matter what. Can you check if you are using `sudo` on the command? You get different results if not. – Bruno Pereira Dec 08 '11 at 21:24
  • It's not an exact, it's the opposite, but the solutions are really common. – Bruno Pereira Dec 08 '11 at 21:31
  • Yes even with sudo the laptop isn't discovered sometimes. – imbaer Dec 08 '11 at 21:33
  • 1
    How about looking it up from the router itself? If you login to most routers, you can see a list of connected devices pretty quickly. – Tom Brossman Dec 08 '11 at 21:35
  • But has to be from the command line :) Sorry didn't say that in the question. – imbaer Dec 08 '11 at 21:49
  • BTW: may I ask which operating system the laptops used while scanning with nmap? If they are common or widely used, are there any ports open, ping disabled or some other configuration to hide them? – math Dec 09 '11 at 11:03
  • I can ping any of them. It's an Android (Gingerbread CyanogenMod 7.1) device, one Windows 7 laptop, one Windows 7 PC (wireless) and one Ubuntu laptop. They are all missed out occasionally by both nmap and arp-scan. However, as I mentioned in the accepted answer, with --retry=8 and --ignoredups I can work around that. – imbaer Dec 09 '11 at 11:07

1 Answer

5

You can also try arp-scan (install using `sudo apt-get install arp-scan` in a terminal).

It returns MAC addresses and tries to find the manufacturer of the network adapter.

i.e., `sudo arp-scan --retry=8 --ignoredups -I eth0 192.168.1.0/24` (`--ignoredups` and `--retry=8` make the results more accurate) returns:

```
Interface: eth0, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 256 hosts (http://www.nta-monitor.com/tools/arp-scan/)
192.168.1.1 68:7f:74:a5:07:18   Cisco-Linksys, LLC
192.168.1.5 00:11:32:07:71:ac   Synology Incorporated
192.168.1.100   00:21:9b:f8:ec:1c   Dell Inc
192.168.1.117   00:12:fb:1a:88:8a   Samsung Electronics

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.377 seconds (185.91 hosts/sec). 4 responded
```

Give it a try.

Bruno Pereira
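Since the comments report that hosts are still missed occasionally in a single pass, the following added example (not code from the answer or from the arp-scan project) merges several passes and lists hosts that answered only some of the time. The function names are hypothetical, `run_scan` assumes arp-scan is installed and run as root, and `PASS_2` is constructed sample data.

```python
import re
import subprocess
from collections import Counter

# An arp-scan result line: IPv4 address, MAC address, vendor text.
HOST_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*(.*)$", re.I)

def run_scan(iface, cidr):
    """Run one live pass with the flags from the answer (needs root and arp-scan)."""
    cmd = ["arp-scan", "--retry=8", "--ignoredups", "-I", iface, cidr]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_pass(text):
    """Return {(ip, mac): vendor} for one pass; banner and summary lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_LINE.match(line.strip())
        if m:
            hosts[(m[1], m[2].lower())] = m[3].strip()
    return hosts

def merge_passes(passes):
    """Union all passes; return rows (ip, mac, vendor, times_seen) sorted by IP."""
    seen, vendors = Counter(), {}
    for text in passes:
        for key, vendor in parse_pass(text).items():
            seen[key] += 1
            vendors[key] = vendor
    rows = [(ip, mac, vendors[ip, mac], n) for (ip, mac), n in seen.items()]
    return sorted(rows, key=lambda r: tuple(int(o) for o in r[0].split(".")))

def intermittent(rows, total):
    """Hosts that answered in some passes but not in all of them."""
    return [r for r in rows if r[3] < total]

# Constructed sample: PASS_1 holds the host lines from the output above,
# PASS_2 is the same pass with the Samsung device not answering.
PASS_1 = """\
192.168.1.1\t68:7f:74:a5:07:18\tCisco-Linksys, LLC
192.168.1.5\t00:11:32:07:71:ac\tSynology Incorporated
192.168.1.100\t00:21:9b:f8:ec:1c\tDell Inc
192.168.1.117\t00:12:fb:1a:88:8a\tSamsung Electronics
4 packets received by filter, 0 packets dropped by kernel
"""
PASS_2 = "\n".join(l for l in PASS_1.splitlines() if "Samsung" not in l)

if __name__ == "__main__":
    for row in merge_passes([PASS_1, PASS_2]):
        print(*row, sep="\t")
```

For a live scan, pass `[run_scan("eth0", "192.168.1.0/24") for _ in range(3)]` to `merge_passes` instead of the sample strings.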