Any way to find unused IP addresses on my network?
Solution 1
Probably the best way is to use NMAP (http://nmap.org/) in ARP Ping scan mode. The usage will be something like nmap -sP -PR 192.168.0.*
(or whatever your network is).
The advantage of this approach is that it uses the Address Resolution Protocol to detect if IP addresses are assigned to machines. Any machine that wants to be found on a network needs to answer the ARP, so this approach works where ping scans, broadcast pings and port scans don't (due to firewalls, OS policy, etc.).
Solution 2
You really should not be trying to find unused IP addresses on a network that uses DHCP. You should not be doing this unless you know what you are doing, and asking how to do it suggests that you do not.
Network address management is implicitly an organizational (not a technical) activity. DHCP makes network administrators often think it is purely technical, but the protocol is well designed and can easily support your needs with a little bit of political negotiation.
DHCP has a feature where certain systems can be given the same IP address every time (in other words, the assignment mechanism can be dynamic, but the assignments themselves can be fixed).
Ask your DHCP administrator to create some entries for you. If they say "no", do some leg work, and ask your manager to ask their manager to do it.
Or ask the DHCP administrator to allocate a range of IP address for your personal use, but not serve them out of DHCP.
This is really in everyone's best interests. If you project is worth of a little extra effort, some organizational love will go a long way.
I don't think that the other posters have thought seriously about what can happen, and part of the danger is that the results of IP address conflicts are unpredictable:
If you poach addresses, and then they conflict with someone else's system, the results can be painful, like job ending.
Systems behave differently when they have IP conflicts. Some drop themselves quickly. Some just put weird warnings on your screen. Potentially some systems would fight over the IP address.
You don't know what system you would be disconnecting. You could be disconnecting an important server, or your system might have a stub server that starts responding to real traffic. Or it could be you boss's PC, or some senior engineering person who was also IP squatting.
Here's a DNS story that is pretty similar. I worked with a smart, but sometimes obnoxious person in a company, and he understood most of everything, except DNS resolution. He configured about 80% of the companies mail systems so that if there was a minor outage, my lab environment ended up being the outbound mail server. They caught this problem quickly, but you can imagine how bad this could be if my system hadn't queued the mail behind the firewall.
Solution 3
Personally I like AngryIPScanner. http://www.angryziber.com/
Solution 4
One time at my company, somebody accidently set their IP to that of the core switch in our server room.
Net result:
"WTF Happened to the Network1?!?!"
Moral of the story: Please talk to your admins. If you are in engineering firm, chances are they have a process in place to give you an address, or even your own range.
Solution 5
You basically have to options:
Ask your DHCP server what addresses it has already assigned (via the web interface, cli interface, or whatever interface your server uses). This will work if very node on your network uses DHCP to configure itself (i.e., doesn't have any self-assigned IP addresses). Obviously you also need access to the router's configuration, which it sounds like you might not have.
Ping (or portscan) your entire subnet and see who answers. This might not work if particular nodes have ICMP-echo-request disabled (i.e., "Block ping").
Related videos on Youtube
jasonh
Updated on September 17, 2022Comments
-
jasonh over 1 year
How can I locate unused IP addresses on my network? The DHCP server keeps assigning the same address and I need a different IP address to test my application with. The software would need to run on Windows.
-
msanford almost 15 yearsI have a strong feeling, from the phrasing of his question, that he's not the network's administrator, but it just looking for a free IP address to test some code with.
-
jasonh almost 15 yearsThat's correct, I don't have access to the DHCP server. Any suggested utilities to ping the subnet? I tried the "ping 224.0.0.1" suggestion but it reports "General failure".
-
jasonh almost 15 yearsExactly. I'm writing an app that automates logging in through a Cisco firewall. Once I've logged into it for the day, I have no way of logging out. Since I need to test different scenarios in my code, I need to be able to get a different IP so I get prompted to log in again.
-
msanford almost 15 years+1 I hadn't realized that nmap binaries were available on Windows; definitely use that, it rocks.
-
msanford almost 15 yearsGuilherme has it below, use nmap nmap.org/download.html though the syntax is
nmap -sP 192.168.0.1-254
-
jasonh almost 15 yearsThat did it exactly. Hopefully I didn't upset anyone with the query. Apparently Nmap also likes to tell me what "interesting" ports are open on any of the machines it encounters. :O I definitely didn't need or want that.
-
jasonh almost 15 yearsThanks for the tips. I'm aware of the possibility of the DHCP server issuing the address to someone else, so I don't plan to keep it for long. I really do need another IP address. The Cisco firewall checks my IP address to see if I've been authenticated through there before during the last 12 hour period and if so, never presents me with a means for logging out. The only way to get back to the login screen is to let that 12 hour time-frame expire or get a new IP. I did that once already by switching to a wireless connection, but now I need another shot at the firewall so I can check my code.
-
Roger E. almost 15 yearsOoops. Using -sP in addition to -PR should disable the unnecessary port scan.
-
msanford almost 15 years-0.5 for me, wildcards are acceptable in nmap host specifications (0.5 because there's no "*" in the manpage relating to hosts, only ports ;)
-
nik almost 15 yearsIt is surprising that we describe a
nmap
horizontal scan solution to a (newbie?) question asking how to 'push' an unused IP address in a DHCP allocated networking environment. Is it not our responsibility (as admins?) to suggest that he approach the local DHCP authority (his admin?) and get some test IP addresses allocated? AGREED, this is an elegant hack, we all love nmap, including matrix fans. But, do we understand what is happening here? -
nik almost 15 years@benc, Excellent! this is the first answer I see being rational about scanning for an unused IP address in a DHCP environment. +1 for thinking like an Admin on ServerFault.
-
nik almost 15 yearsIt seems, I noticed this question just because you answered this today! Things seem to have concluded without this point here last month!!
-
Martin KS over 12 yearsIt's a shame this isn't the selected answer - because it answers the real question. +1
-
Nirav Limbasiya almost 8 years+1 the usage of nmap is perfect
-
benc almost 6 years+1 - these are the stories that scare people into behaving correctly. Sorry it happened to you in real-life.
-
Bob over 3 yearsAs mentioned elsewhere - a list with the IP-addresses of all hosts that respond to Ping is not (necessarily) the same as all IP-addresses that are actively used.
-
Vaibhav Panmand over 3 yearsfping only resolve IP's which respond to ICMP if ICMP is droped then it will show th host unreachable even IP address in use